Security ROI – ROSI
This evening I read a whitepaper that Paul sent me a few days ago. It is a good whitepaper that covers a lot of CISSP knowledge as well as financial terms, e.g. probability, NPV, etc. The whitepaper coins a new term, ROSI, which stands for Return On Security Investment.
The diagram below is copied from the whitepaper, where it is used to illustrate security investment and attitude. It’s interesting. Security awareness is actually one of the most important jobs of any CISO: they must be very good at promoting security and at communicating with financial controllers and business decision makers.
It’s very cool that you can quantitatively calculate the return on a security investment, even though the calculation must come along with a lot of assumptions.
Really? Buddy, thanks.
Hi Richard, let me bring it to you next time.
I hope I can arrange for Brian to meet you face to face very soon.
It’s amazing. Actually, Paul is also your colleague at AP.
Brian’s book? I’d like to read it.
Hi, this paper is from my company. To be clear, this diagram comes from Pete Lindstrom, currently an analyst at Burton Group. He has been presenting this model for several years. The paper references Pete’s ROI for Security Spending presentation, and the paper’s author, Brian Contos (also of ArcSight), also includes this diagram of Pete’s in Brian’s book, Enemy at the Water Cooler. We think Pete’s model is very cool!