ROI MIT SICHERHEIT

Finally, a Real Return on Security Spending

18.02.2002
Von Scott Berinato

IT executives are hungry for this kind of data. "It's very easy to geta budget [for security] after a virus hits. But doing it up frontmakes more sense; it's always more secure," says Phil Go, CIO atdesign and construction services company Barton Malow in Southfield,Mich. "Numbers from an objective study would help me. I don't evenneed to get hung up on the exact numbers as long as I can prove thenumbers are there from an unbiased study."

If the new findings about ROSI are proven true, they willfundamentally change how information security vendors sell security toyou and how you sell security to your bosses. And the statement "Youneed information security" will sound as commonsensical as "You needfire sprinklers."

Soft ROSI

Tom Oliver, a security architect for NASA, recently spent tens ofthousands of dollars on a comprehensive, seven-week external securityaudit. At the end, Oliver received a 100-page booklet with theresults - which were mostly useless.

"[The auditors] said, 'You were very secure. We were surprised wecouldn't access more [sensitive data]," says Oliver, who is employedby Computer Sciences (under contract to NASA) at the Marshall SpaceFlight Center in Huntsville, Ala. "But I wanted to know how wecompared to other government agencies. If I put another $500,000 intosecurity, will that make me more secure?

Zur Startseite