ROI WITH SECURITY

Finally, a Real Return on Security Spending

18.02.2002
By Scott Berinato

The curve looks like smoke pouring out of a smoke stack; it rises in a sharp vertical at first, then trails off in an ever more tapering curve. The ROSI rises as you spend more, but (and this will gladden the hearts of CFOs) it rises at a diminishing rate.

The researchers believe that they could also overlay that curve with something called an indifference curve, which instead of mapping data maps behavior. It plots the points at which the CEO is satisfied with the combination of cost and survivability. The curve always slopes down and to the right, like the bottom half of a C.

Where the indifference curve and the actual ROSI curve intersect would provide the optimal security spending point. In other words, not only could you prove you need fire sprinklers, you could tell the CEO and CFO how much should be spent on them.

Green Data = Skepticism

Most information executives and security experts believe these ROSI studies will be a significant new tool. But a certain caution lingers. Some CIOs point out that the studies are useless as raw documents; they require translation before the data hits their desks. Several executives also worried about applicability: taking the data out of the lab and putting it in the real world. "The worst thing is for people to say security requires a trillion dollars, and then offer no solution in the real world," says Micki Krause, director of information security of PacifiCare Health Systems, an HMO in Santa Ana, Calif.
