Security Basics mailing list archives

Re: The Return on Investment of Good Security


From: tony_l_turner () yahoo com
Date: Sat, 3 Jan 2009 15:20:39 +0000

I've always felt that any attempts to calculate ROI for security investments led to confusion. There really is no 
return on investment, just mitigated or avoided risk. It's similar to buying insurance (although that creates a certain 
amount of risk transference) but either is a completely different scenario than buying a server or a new DBMS that 
directly translates to increased transaction volume or decreased contact times. ROI on security is a misnomer. It is an 
attempt to justify security expenditures and while some sort of model is needed to represent the impact for the 
investment and the returns gained, ROI seems a poor choice. 
------Original Message------
From: Adriel T. Desautels
Sender: listbounce () securityfocus com
To: pen-test list
Cc: security-basics () securityfocus com
Sent: Jan 2, 2009 6:45 PM
Subject: The Return on Investment of Good Security

Latest blog entry for those who care. This one compares the Return on  
Investment of good security services to the Return on Investment of  
poor quality security services.  As usual comments and criticisms are  
welcome and appreciated.

Direct link as requested:

http://snosoft.blogspot.com/2009/01/cost-of-good-security-is-fraction-of.html


        Adriel T. Desautels
        ad_lists () netragard com
         --------------------------------------

        Subscribe to our blog
         http://snosoft.blogspot.com





Sent from my Verizon Wireless BlackBerry
