|
Security Basics
mailing list archives
Re: The Return on Investment of Good Security
From: tony_l_turner () yahoo com
Date: Sat, 3 Jan 2009 15:20:39 +0000
I've always felt that any attempts to calculate ROI for security investments led to confusion. There really is no
return on investment, just mitigated or avoided risk. Its similar to buying insurance (although that creates a certain
amount of risk transference) but either is a completely different scenario then buying a server or a new DBMS that
directly translates to increased transaction volume or decreased contact times. ROI on security is a misnomer. It is an
attempt to justify security expenditures and while some sort of model is needed to represent the impact for the
investment and the returns gained, ROI seems a poor choice.
------Original Message------
From: Adriel T. Desautels
Sender: listbounce () securityfocus com
To: pen-test list
Cc: security-basics () securityfocus com
Sent: Jan 2, 2009 6:45 PM
Subject: The Return on Investment of Good Security
Latest blog entry for those who care. This one compares the Return on
Investment of good security services to the Return on Investment of
poor quality security services. As usual comments and criticisms are
welcome and appreciated.
Direct link as requested:
http://snosoft.blogspot.com/2009/01/cost-of-good-security-is-fraction-of.html
Adriel T. Desautels
ad_lists () netragard com
--------------------------------------
Subscribe to our blog
http://snosoft.blogspot.com
Sent from my Verizon Wireless BlackBerry
 By Date 
By Thread
Current thread:
- Re: The Return on Investment of Good Security tony_l_turner (Jan 05)
|
Intro
