Blog Posts Tagged with "ROI"


Data Loss Prevention: Solution in Search of a Problem?

April 06, 2011 Added by: Ron Lepofsky

Pro-active DLP products stop potentially threatening situations from developing, and if they do occur, they block, encrypt, and suggest reconfigurations on the fly. More comprehensive enterprise versions are highly integrated with many of these features all packed into one product...



SIEM Resourcing and Calculating the Associated Costs

March 14, 2011 Added by: Anton Chuvakin

That SIEM appliance might set us back $75,000 in hard earned security budget dollars, but how much more will we have to spend in the next 3 years deploying, integrating, using, tuning, cursing, expanding the thing? How much manpower will the new operational procedures cost us?



The Psychology of 'Secure Code': A Tale of 2 Dev Shops

March 10, 2011 Added by: Rafal Los

Security generally slows down development, adds cost, and increases test time, so it is not seen as a general practice. In fact, the dedicated dev house has an incentive not to have security as a core requirement. Why? Simple - they want to churn out code/projects faster...



Application Vulnerabilities are Like Landmines

March 02, 2011 Added by: Ron Lepofsky

Application owners sometimes get confused when doing a follow-up audit after they have implemented all recommendations made in an original audit. Some owners think they can save money on a subsequent audit simply by having an auditor validate the mitigation recommendations were implemented correctly...



Intrusion Detection: Why Do I Need IDS, IPS, or HIDS?

February 23, 2011 Added by: Ron Lepofsky

The ROI calculation for IDS is predicated upon identifying mission critical elements, the estimated financial loss associated with a security risk developing into a real life security event, and then comparing the lifecycle cost of IDS against the estimated financial loss associated with a breach...



The Second Law of Risk Management

February 14, 2011 Added by: Healthcare CSO

One of the most critical things that security practitioners tend to not get, to not understand, is that being part of the business means you contribute to the success of the business. Better information security, generally, is not considered contributing to the success of the business...



The Emotional Content of Security

February 06, 2011 Added by: Danny Lieberman

At the beginning, there was the notion of “selling security with FUD”, starting with anti-virus and peaking in the early 90s with the outbreak of RPC worms on Wall Street. It was pretty easy to sell security with FUD tactics. Then we had 9/11...



The Real Business Impact of Being Hacked

February 03, 2011 Added by: Rafal Los

Even if your customers don't hold you accountable for a breach - how long will you be down as a result, and how much will that cost you in sales? Compare that against the cost of doing the right thing and applying proper security to the sites you build - I bet the ROI is there...



Applying NPV and ROI to Security Investment Decisions

October 10, 2010 Added by: Kurt Aubuchon

Although the concept of a Return on Security Investment (ROSI) is frequently explored in information security literature, there is little consensus on how to calculate it, and few tools to help the ISM do so. This article describes a flexible model that merges NPV and ROI calculations into ROSI...



SSL VPN and return on investment. A possible combination

May 05, 2010 Added by: Dario Forte

At the current point in the history of information security, companies have spent a lot of time analyzing various options for remote access to their information systems. Many of them have begun with IPsec-based systems to interconnect different sites. It all seemed rather simple at first, but as the number of sites (and clients) that needed to be interconnected increased, scalability and inte...

