
Return on security investment: The risky business of probability

Published: 25 Nov 2013

As most of us know, return on security investment is basically the amount of risk reduced, less the amount spent, divided by the amount spent on controls. Net amount of risk per amount of control is the essential formula for any "return on" ratio -- return on investment, equity, assets and so on. (It isn't like this stuff is just made up; there's history and an interest in consistency here.)

The challenge for technology risk management professionals is really a gut check: Are we really, truly reducing risk by the amount we are spending on security? As I noted in my November column, first, realize that you are making that assertion every time you allocate resources to some function. So take a step back and verify that the costs of your recent actions -- salaries, operating expenses, capital investments -- meet these criteria. But breakeven is never good enough, and we really haven't gotten to the bottom of the individual values of probability and impact (the elements of risk). It's useful -- perhaps even crucial -- to have an objective understanding of these ...
