November 2013 Vol. 15 / No. 9

Break-even analysis: The highs and lows of risk and ROSI

In my first column I issued a call to action to help technology risk management professionals make good decisions through the application of economic techniques. While that might seem like a tall order, you're already making those decisions. What you thought were random qualitative choices about running a security program actually reveal a lot about your risk expectations. It's impossible to measure technology-related risk, or that's the commonly held belief. The reason: the challenge of determining both the likelihood of bad things happening and the financial amount that could be lost. It can be very complex (mind-boggling, really) if you attempt to think through all of the details. But those "revealed preferences" (versus stated) are hard at work tattling on you by providing a baseline amount to work with. At the very least, every resource allocation decision involves justification; usually, just deciding to do the "most important" thing on your list, because "it's worth it."

Break-even analysis pointers

Therefore, we need to ...

Features in this issue

  • Virtualization security dynamics get old

    by Chris Hoff

    Companies have embraced virtualization and cloud computing, but security is still bolted-on. Here's what needs to change.

  • Beyond the Page: Virtual security

    by Christofer Hoff

    In the November 2013 Beyond the Page on virtual security, Chris Hoff examines the challenges infosec pros face in finding the right security strategy for their enterprise network.

  • Eliminating black hat bargains

    by Robert Lemos

    Enterprises cannot always keep attackers out of their networks. Instead, defense-in-depth strategies aim to raise the cost to black hats -- in terms of time and money.

Columns in this issue