Blog Posts Tagged with "ROI"


The Infosec Investment Equation - Can You Solve It?

April 09, 2012 Added by:Neira Jones

Redundant measures always expose themselves very rapidly: they either don’t help you run your shop, or nobody around you is interested in them. So if you still have some of these, your job is to scrap them because it will save some time and resources to apply elsewhere...

Comments  (0)


Location, Location, Location: It Works in Risk Management

March 21, 2012 Added by:Edwin Covert

With the increase in cybercrime costs, organizations need to be able to ensure they are maximizing their return on risk management investment. An effective way of doing this is making sure the information security or risk management team is properly aligned within their organization...

Comments  (0)


Why Infosec Forced Me to Get an MBA

January 31, 2012 Added by:Don Turnblade

How much did restoring, repairing, reimaging, improved firewall rules, down time, legal fines, or direct fraud cost per event? Asking what it is may be too close to that great low pressure system, and you do not need to be struck by lightning. I won't ask and you won't tell...

Comments  (0)


The State of Solid State

December 21, 2011 Added by:Emmett Jorgensen

Solid state disks are more reliable because SSDs do not contain any moving parts. There are no read heads, actuator arms or spinning platters that can break down in an SSD. SSDs can be moved around freely while in use and have a higher tolerance against shock and vibration than HDDs...

Comments  (1)


Getting Past Security's Fuzzy Math ROI

December 05, 2011 Added by:Rafal Los

It seems that we're using statistics, metrics, surveys and 'studies' to demonstrate what we can't otherwise adequately explain. That would be all well and good, if the math wasn't all fuzzy. Numbers can't fib, only the people that manipulate them can be accused of that trespass...

Comments  (0)


Enterprise Security: Over Budget, Over Extended, Under Prepared

November 11, 2011 Added by:Rafal Los

When your organization's house is on fire, the pressure's on to put it out immediately rather than worry about long-term sustainability. The best time to formulate a strategy is pre-breach. Unfortunately, this is often the time when you probably won't have the funds... details, details...

Comments  (1)


Security Metrics and the Balanced Scorecard

October 13, 2011 Added by:Steven Fox, CISSP, QSA

The business process metric ensures processes are meeting business requirements. The security team can use this information to identify where threats may have the greatest impact, to identify risks that are relevant, and to plan controls from the perspective of an attacker...

Comments  (0)


Financial Analysis for Infosec Professionals

August 23, 2011 Added by:Nick Owen

My goal is to provide infosec professionals a basis for discussing risks with business professionals - especially finance people - and to dispel some myths. The goal of this post is to lay some groundwork for proper financial analysis techniques - or at least minimize the dumber ones...

Comments  (0)


Evaluating the Cloud-Based Services Option Part II

July 06, 2011 Added by:Mike Meikle

Risk Management becomes a factor in determining if a Cloud solution is a viable choice. Businesses have to weigh the risk of moving a service or application to the Cloud against the potential for profit or savings. Risk management will have to educate the executives on the ramifications...

Comments  (0)


Evaluating the Cloud-Based Services Option

June 06, 2011 Added by:Mike Meikle

Keep a local copy of your data. If Google Apps one day decides to die because of “data corruption” you do not want to be stuck without access to important documents. The potential for an incident like this is moderately high since Google has already had a similar situation with Gmail...

Comments  (3)


Return on Security Investment (ROSI) Calculator Launched

June 02, 2011 Added by:Dejan Kosutic

This is the most detailed ROSI Calculator that can be found on the Internet, and it aims to calculate as precisely as possible whether the potential decrease of security incidents (i.e. the risk mitigation) will outweigh the investment in security measures. It's completely free...

Comments  (0)


Open Your Box of IT Innovation

May 28, 2011 Added by:Rahul Neel Mani

Innovation and doing more with less are not just buzzwords. That doesn't mean having Systems up and running can take a back seat either. David Awcock, Head of Technology Standard Chartered Bank, shares his ideas in an interview with Minu Sirsalewala Agarwal, on how he manages both...

Comments  (0)


Management’s View of Information Security

May 23, 2011 Added by:Dejan Kosutic

One of the often misunderstood aspects of information security is that most of the problems (i.e. incidents) happen not because of technology, but because of human behavior. Most of the investments needed will be in defining new policies & procedures and in training & awareness programs...

Comments  (0)


Is the Cloud More Secure Than a Physical Environment?

May 23, 2011 Added by:Bill Gerneglia

An advantage of the cloud in terms of security is that it is utility based. If you use a managed solution that is flexible, allowing you to pay for its utility, even if you are a small company, then security should be packaged in...

Comments  (0)


NPV and ROSI Part II: Accounting for Uncertainty in the ARO

May 11, 2011 Added by:Kurt Aubuchon

Running the simulation for multiple ARO (Annualized Rate of Occurrence), you find the ARO at which the model begins to produce a positive ROSI in a majority of the simulations. You can determine how frequently a breach has to happen before a security investment makes sense...

Comments  (0)


A Better Defense in Depth Implementation

April 13, 2011 Added by:Robb Reck

As malicious actors have proven time and time again, our current security programs are insufficient to provide adequate protection. Defense in depth has come under fire as a result. But it’s not the DiD model that has failed us, it’s our own incomplete implementations...

Comments  (3)

Page « < 1 - 2 - 3 > »