Blog Posts Tagged with "ROSI"


The Infosec Investment Equation - Can You Solve It?

April 09, 2012 Added by:Neira Jones

Redundant measures always expose themselves very rapidly: they either don’t help you run your shop, or nobody around you is interested in them. So if you still have some of these, your job is to scrap them because it will save some time and resources to apply elsewhere...

Comments  (0)


Why Infosec Forced Me to Get an MBA

January 31, 2012 Added by:Don Turnblade

How much did restoring, repairing, reimaging, improved firewall rules, down time, legal fines, or direct fraud cost per event? Asking what it is may be too close to that great low pressure system, and you do not need to be struck by lightning. I won't ask and you won't tell...

Comments  (0)


Getting Past Security's Fuzzy Math ROI

December 05, 2011 Added by:Rafal Los

It seems that we're using statistics, metrics, surveys and 'studies' to demonstrate what we can't otherwise adequately explain. That would be all well and good, if the math wasn't all fuzzy. Numbers can't fib, only the people that manipulate them can be accused of that trespass...

Comments  (0)


Calculating the Return on Security Investment (ROSI)

June 20, 2011 Added by:Dejan Kosutic

Traditionally, "making sense" for management means that the revenues that will result from the investment will be larger than the total cost of investment. So what's the problem? The problem is, even if you can calculate the total cost, there are no revenues to be made from security...

Comments  (0)


Return on Security Investment (ROSI) Calculator Launched

June 02, 2011 Added by:Dejan Kosutic

This is the most detailed ROSI Calculator that can be found on the Internet, and it aims to calculate as precisely as possible whether the potential decrease of security incidents (i.e. the risk mitigation) will outweigh the investment in security measures. It's completely free...

Comments  (0)


NPV and ROSI Part II: Accounting for Uncertainty in the ARO

May 11, 2011 Added by:Kurt Aubuchon

Running the simulation for multiple ARO (Annualized Rate of Occurrence), you find the ARO at which the model begins to produce a positive ROSI in a majority of the simulations. You can determine how frequently a breach has to happen before a security investment makes sense...

Comments  (0)