Investing in Security for ROI?

ENISA's new report "Return On Security Investment" initiates a discussion among the ‘Digital Fire Brigades’, or Computer Emergency Response Teams (CERTs), on creating the basic tools and best practices for calculating their Return on Security Investment (ROSI). The calculation can also serve as a tool to justify their business need and existence through their financial added value.

Financial Gains of Cyber Security

Assessing the cost-effectiveness of CERTs should take into account the benefits that CERTs deliver by helping to detect, handle, recover from and deter incidents early and efficiently. Security is not usually seen as an investment that provides profit, but rather as loss prevention.

Security Metrics

The FIRST (Forum for Incident Response and Security Teams) Metrics SIG is working to improve the metrics and evaluation methods used for the internal evaluation of CERTs, and to address the cost of incidents and return on security investment.

Interesting questions: What is the right amount an organisation should invest in protecting information? Is an organisation paying too much for its security?

For the full Report: Return On Security Investment