Premium Content

Access "Return on security investment: The risky business of probability"

Published: 25 Nov 2013

As most of us know, return on security investment is basically the amount of risk reduced, less the amount spent, divided by the amount spent on controls. Net amount of risk per amount of control is the essential formula for any "return on" ratio -- return on investment, equity, assets and so on. (It isn't like this stuff is just made up; there's history and an interest in consistency here.) The challenge for technology risk management professionals is really a gut check: Are we really, truly reducing risk by the amount we are spending on security? As I noted in my November column, first, realize that you are making that assertion every time you allocate resources to some function. So take a step back and verify that the costs of your recent actions -- salaries, operating expenses, capital investments -- meet these criteria. But breakeven is never good enough, and we really haven't gotten to the bottom of the individual values of probability and impact (the elements of risk). It's useful -- perhaps even crucial -- to have an objective understanding of these ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside

Features

More Premium Content Accessible For Free

  • Devising a security strategy for the modern network
    countering_cybercrime.png
    E-Handbook

    The network of today's enterprise is larger and more diverse than ever, which means there's more for hackers to attack. So as enterprises update ...

  • The big data challenge: What's in store for NoSQL security
    security_0814.jpg
    E-Zine

    In the rush to capitalize on big data, many companies forget that developing an ecosystem of structured and unstructured data means higher risk of ...

  • A comprehensive guide to securing the Internet of Things
    ISM_IE_0814.png
    E-Zine

    As the number of Internet-connected devices grows, the potential security challenges of the so-called "Internet of Things," or IoT, can no longer be ...