Premium Content

Access "Return on security investment: The risky business of probability"

Published: 25 Nov 2013

As most of us know, return on security investment is basically the amount of risk reduced, less the amount spent, divided by the amount spent on controls. Net amount of risk per amount of control is the essential formula for any "return on" ratio -- return on investment, equity, assets and so on. (It isn't like this stuff is just made up; there's history and an interest in consistency here.) The challenge for technology risk management professionals is really a gut check: Are we really, truly reducing risk by the amount we are spending on security? As I noted in my November column, first, realize that you are making that assertion every time you allocate resources to some function. So take a step back and verify that the costs of your recent actions -- salaries, operating expenses, capital investments -- meet these criteria. But breakeven is never good enough, and we really haven't gotten to the bottom of the individual values of probability and impact (the elements of risk). It's useful -- perhaps even crucial -- to have an objective understanding of these ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free

  • Threat intelligence and risk: Why cybersecurity hangs in the balance
    ISM_0614.png
    E-Zine

    As more security professionals take on greater roles in global risk management, Global 2000 companies are investing in cybersecurity measures above ...

  • How to respond to the latest distributed denial-of-service attacks
    DDOS_attacks.png
    E-Handbook

    All indications show that DDoS attacks are increasing in variety, number and size. No network system is immune and information security pros can't ...

  • Figuring out FIDO as the first products emerge
    ISM_0514.png
    E-Zine

    The Fast Identity Online (FIDO) standards reached the public draft stage in February, and the first deployments of FIDO-ready technologies followed ...