IDS mailing list archives
RE: Value of IDS, ROI
From: "Pete Lindstrom" <petelind () spiresecurity com>
Date: Thu, 5 May 2005 10:00:26 -0400
In business, you can get ROI in two ways (the same way you make a profit): either by increasing revenue or decreasing costs. I believe this is a fairly conventional OPINION (and ultimately a self-defining FACT) in the financial management world. To cite an opinion piece about the IT Security cost center's ability to generate an ROI and claim it is a fact doesn't negate the view of the folks with the money.

If you can't get ROI by automating an existing manual patch management or password reset process, you aren't even trying. Ditto if you still have leased lines and are looking at VPNs. I agree that ROI for IDS is harder, but if you can find ways to reduce the spending you are already doing - either by streamlining a complex monitoring process, reducing the actual number/cost of incidents, or reducing the capital expenses for the threat management infrastructure.

For all cost centers (which usually include HR, Legal, Facilities, and IT/IT Security among others) the test for ROI is simple: you can't get ROI if 1) you aren't spending any money on the business process, capital equipment required, and "exception management" (in security this is generally incident response and recovery); or 2) you are completely efficient, buy the least expensive gear, and never have exceptions/incidents.

The real beauty of being in security is that we do have this other measure - Return on Security Investment - to demonstrate the value of protecting information assets and their potential loss. Granted, we don't even come close to being able to leverage the concept, even though sales departments have been using basically the same formula for their pipeline management for years.

Anybody looking for further ideas on ROI in security is welcome to send me an email off-list.

Regards,

Pete

-----Original Message-----
From: Bamm Visscher [mailto:bamm.visscher () gmail com]
Sent: Wednesday, May 04, 2005 9:44 AM
To: Jason Patel
Cc: focus-ids () securityfocus com
Subject: Re: Value of IDS, ROI

There is no calculating ROI for security (including IDS) [0]. A CIO should be able to understand that. Security is about mitigating loss, much like insurance. You should focus on explaining how your IDS implementation will help protect the investment your company has made in IT. An IDS should provide early warnings of a compromise and other security events. It will also help you quickly determine the scope of the event, escalate the activity to the correct departments, and the data gathered will make the remediation effort more efficient.

Bammkkkk

[0] http://taosecurity.blogspot.com/2004/04/calculating-security-roi-is-waste-of.html

On 3 May 2005 18:15:19 -0000, Jason Patel <patel1210 () yahoo com> wrote:

I was wondering how big companies' CIOs show their executives return on investment on IDS. What is the monitoring strategy for IDS alerts? I am trying to figure out a monitoring strategy and how to show my executive how important this job is, but can't come up with a convincing solution. Any help is highly appreciated.

Thanks, Jason

--
sguil - The Analyst Console for NSM
http://sguil.sf.net