Educause Security Discussion mailing list archives

Re: Return On Security Investment (ROSI)


From: Melissa Guenther <mguenther () COX NET>
Date: Fri, 13 Feb 2004 14:38:10 -0700

From CSI/FBI survey
The financial impact of computer security breaches has been quantified by
several sources.  The best estimate of the impact of security breaches on a
single organization can be found in the CSI-FBI survey of over 600
organizations.  They concluded that the average cost impact of security
breaches on each organization is over $972,000 per year.
This, however, does not include the intangible losses:
Many of these intangibles are related to a “loss of competitive advantage”
that results from the breach.  For example, a breach can affect an
organization’s competitive edge through:
- Customers’ loss of trust in the organization
- Failure to win new accounts due to bad press associated with the breach
- Competitor’s access to confidential or proprietary information.

 
 
-------Original Message-------
 
From: The EDUCAUSE Security Discussion Group Listserv
Date: 2/13/2004 2:09:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Return On Security Investment (ROSI)
 
One of my associates will be giving a presentation at the EDUCAUSE Security
Professionals Workshop in Washington this spring on the subject of Return On
Security Investment (ROSI).
 
As part of his research he is trying to find some “real world” statistics on
the actual or estimated cost of security breaches, as well as the costs
associated with defending against security attacks.
 
Since the cost of various security software packages and associated hardware
is pretty easily identified, the cost of the hardware/software to protect
against security breaches can be estimated. However, finding the soft costs
of security protection, as well as the costs associated with security
breaches, is quite a bit more difficult.
 
If you have any information on this subject, or any suggestions as to how
best to find out some of this information, I would very much appreciate it
if you would let me know. Thanks!
 
BTW, any information you send me will be kept confidential unless you say
otherwise.
 
Yours, 
 
Daniel C. Galloway, Jr.
James Madison University
Commonwealth Information Security Center (CISC)
Institute for Infrastructure and Information Assurance (3IA)
www.jmu.edu/iiia
Richmond Office: (804) 371-5186
Harrisonburg Office: (540) 568-1691
 
 
 

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

