ROI der IT-Sicherheit
New Qualitative Model Helps Measure Security Risk Reduction
We estimate that adding the vulnerability assessment service will increase the effectiveness of our confidentiality, integrity and availability controls by 10 percent. This translates to a 10 percent reduction in the number or severity of reported vulnerabilities or a 10 percent reduction in downtime.
Conclusions
Qualitative methods are the simplest form of risk analysis. Their advantage is how quickly and easily they provide a result. Qualitative risk analysis accepts the subjectivity of risk analysis, and doesn't require precise asset values.
In our example, we identified opportunities for risk reduction and achieved an understanding of our current state. We can continue to refine the estimates for potential loss, taking into account the probability that a particular risk will occur and the actual costs associated with it. A qualitative approach is valuable because it provides an intuitive sense of the risks and directly correlates risks with mitigating controls. This method of ROR calculation is unique because it pinpoints the security metrics we can later use to verify our decision.
Vendor Recommendations
Enterprise Recommendations
Weitere Informationen erhalten Sie bei der Yankee Group . Bitte wenden Sie sich dafür an reportinfo@yankeegroup.de .