Introduction to Return on Security Investment

As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness and the cost of their information security activities. The reason for that is that security is not usually an investment that provides profit but loss prevention. So what is the right amount an organization should invest in protecting information?
Dec 12, 2012
Downloads Return On Security Investment.pdf — PDF document, 1,037 kB (1,061,982 bytes)
English

Source:
http://www.enisa.europa.eu/activities/cert/other-work/introduction-to-return-on-security-investment

0 yorum: