Educause Security Discussion mailing list archives
Re: Return On Security Investment (ROSI)
From: Melissa Guenther <mguenther () COX NET>
Date: Fri, 13 Feb 2004 14:38:10 -0700
From CAI/FBI survey The financial impact of computer security breaches has been quantified by several sources. The best estimate of the impact of security breaches on a single organization can be found in the CSI-FBI survey of over 600 organizations. They concluded that the average cost impact of security breaches on each organization is over $972,000 per year. This, however, does not include the intangible losses: Many of these intangibles are related to a loss of competitive advantage that results from the breach. For example, a breach can affect an organizations competitive edge through: § Customers loss of trust in the organization § Failure to win new accounts due to bad press associated with the breach § Competitors access to confidential or proprietary information. -------Original Message------- From: The EDUCAUSE Security Discussion Group Listserv Date: 2/13/2004 2:09:55 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Return On Security Investment (ROSI) One of my associates will be giving a presentation at the EDUCAUSE Security Professionals Workshop in Washington this spring on the subject of Return On Security Investment (ROSI). As part of his research he is trying to find some real world statistics on the actual or estimated cost of security breaches, as well as the costs associated with defending against security attacks. Since the cost of various security software packages and associated hardware is pretty easily identified, the cost of the hardware/ software to protect against security breaches can be estimated. However, finding the soft costs of security protection, as well as the costs associated with security breaches, is quite a bit more difficult. If you have any information on this subject, or any suggestions as to how best to find out some of this information, I would very much appreciate it if you would let me know. Thanks! BTW, any information you send me will be kept confidential unless you say otherwise. Yours, Daniel C. Galloway, Jr. James Madison University Commonwealth Information Security Center (CISC) Institute for Infrastructure and Information Assurance (3IA) www.jmu.edu/iiia Richmond Office: (804) 371-5186 Harrisonburg Office: (540) 568-1691 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Return On Security Investment (ROSI) Galloway, Dan (Feb 13)
- <Possible follow-ups>
- Re: Return On Security Investment (ROSI) Melissa Guenther (Feb 13)
- Re: Return On Security Investment (ROSI) Melissa Guenther (Feb 13)
- Re: Return On Security Investment (ROSI) Julia Allen (Feb 16)