Premium Content

Access "Return on security investment: The risky business of probability"

Published: 25 Nov 2013

As most of us know, return on security investment is basically the amount of risk reduced, less the amount spent, divided by the amount spent on controls. Net amount of risk per amount of control is the essential formula for any "return on" ratio -- return on investment, equity, assets and so on. (It isn't like this stuff is just made up; there's history and an interest in consistency here.) The challenge for technology risk management professionals is really a gut check: Are we really, truly reducing risk by the amount we are spending on security? As I noted in my November column, first, realize that you are making that assertion every time you allocate resources to some function. So take a step back and verify that the costs of your recent actions -- salaries, operating expenses, capital investments -- meet these criteria. But breakeven is never good enough, and we really haven't gotten to the bottom of the individual values of probability and impact (the elements of risk). It's useful -- perhaps even crucial -- to have an objective understanding of these ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free

  • Secure file transfer: Send large files fast, but keep your system safe
    secure_file_transfer.png
    E-Handbook

    FTP gets big files to colleagues and clients fast, but as the headlines remind us, the threat of electronic break-ins is real. This guide to secure ...

  • Is your mobile security strategy combating the wrong enemy?
    ism_0414.png
    E-Zine

    As tablets and smartphones become more integrated into business environments, CISOs are scrambling to put effective countermeasures in place. But too...

  • What's the best focus for MDM strategy now?
    best_focus_for_MDM.png
    E-Handbook

    This Technical Guide examines the necessary elements of, and how to implement, a sound mobile device management strategy. Devices will be lost...