Evaluating the return on security investment (ROSI): Where’s the problem?

By Jane Frankland on Jan 9, 2004 5:00 PM
Filed under

I have read so many articles that have tried to advise the industry on ways to analyze an organizations return on security investment (ROSI), with the majority championing the difficulties associated with it and sadly concluding that in fact there is no effective way.

Many believe that demonstrating a ROSI in the enterprise is nigh impossible because there are no metrics that measure the ROSI unless a company is attacked or security is outsourced to a managed security provider. However, I've always been astounded by this attitude, as to me it appears that the most obvious point has been completely missed; organizations must begin with information risk assessments in order to evaluate the true effectiveness of their security investment. Most of us read with interest the publication of the Information Security Breaches Survey 2002 (ISBS 2002) from the ...
You must be a registered member to access this content.
Please Sign in below or Register now.
NOTE: This Feature is more than 7 days old.
Please login to view the rest of this article

Registered users may log in here.

Login or Register now and get unlimited access.


Why sign up?
  • Unlimited access to SC Magazine content as well as access to to our global resources from SC Magazine US and UK editions.
  • Full use of over 11,000 articles database covering breaking news, video interviews, case studies, research, product reviews and exclusive features with fast and intuitive filtering of results.
  • Personalised "Recommended for you" filters to ensure you have the most relevant content at your finger tips.
  • Daily security bulletin direct to your inbox covering the latest security news from Australia/NZ and around the world.

Register now, its free! We'll never sell your details to third parties and it helps SC Magazine to keep serving you quality stories.
Sign up to receive SC Magazine email newsletters
   FOLLOW US...
Most Read