Dr. Chuvakin has an interesting post about the ROI of security. This is what he says:
"First, bear with me since I am still trying to build a coherent picture of security ROI for myself from all the diverse sources of info, some as smart as Pete Lindstrom :-) In general, I am leaning towards "there is no ROI for security; there are only cost savings."
I could not agree with him any less. Suppose you have strep throat and, being concerned about it, decide to go to a doctor. The doctor treats you and you pay for the service. The doctor could tell you that the service provided ROI: you were cured in 3 days, whereas without treatment it would have taken 7 days, thus giving you 4 additional productive days.
EPD = your earnings per day in $
Your ROI = 4 * EPD - (doctor's fees)
Do doctors have to justify ROI for treating you?
Which one would you value most: your cure or your ROI?
Why should security professionals need to demonstrate ROI when they address the ailments/threats for a company's health?