Network Security Focus-IDS
RE: Value of IDS, ROI

Subject: RE: Value of IDS, ROI
Date: Thu, 5 May 2005 10:00:26 -0400
In business, you can get ROI in two ways (the same way you make a profit):
either by increasing revenue or decreasing costs. I believe this is a fairly
conventional OPINION (and ultimately a self-defining FACT) in the financial
management world. 

To cite an opinion piece about the IT Security cost center's ability to
generate an ROI and claim it is a fact doesn't negate the view of the folks
with the money.

If you can't get ROI by automating an existing manual patch management or
password reset process, you aren't even trying. Ditto if you still have
leased lines and are looking at VPNs. 

I agree that ROI for IDS is harder, but if you can find ways to reduce the
spending you are already doing - either by streamlining a complex monitoring
process, reducing the actual number/cost of incidents, or reducing the
capital expenses for the threat management infrastructure. 

For all cost centers (which usually include HR, Legal, Facilities, and IT/
IT Security among others) the test for ROI is simple: you can't get ROI if
1) you aren't spending any money on the business process, capital equipment
required, and "exception management" (in security this is generally incident
response and recovery); or 2) you are completely efficient, buy the least
expensive gear, and never have exceptions/incidents.

The real beauty of being in security is that we do have this other measure -
Return on Security Investment - to demonstrate the value of protecting
information assets and their potential loss. Granted, we don't even come
close to being able to leverage the concept, even though sales departments
have been using basically the same formula for their pipeline management for
years.

Anybody looking for further ideas on ROI in security is welcome to send me
an email off-list.

Regards,

Pete




-----Original Message-----
From: Bamm Visscher [mailto:bamm.visscher@gmail.com] 
Sent: Wednesday, May 04, 2005 9:44 AM
To: Jason Patel
Cc: focus-ids@securityfocus.com
Subject: Re: Value of IDS, ROI

There is no calculating ROI for security (including IDS) [0]. A CIO
should be able to understand that. Security is about mitigating loss,
much like insurance. You should focus on explaining how your IDS
implementation will help protect the investment your company has made
in IT. An IDS should provide early warnings of a compromise and other
security events. It will also help you quickly determine the scope of
the event, escalate the activity to the correct departments, and the
data gathered will make the remediation effort more efficient.

Bammkkkk

[0] http://taosecurity.blogspot.com/2004/04/calculating-security-roi-is-waste-of.html


On 3 May 2005 18:15:19 -0000, Jason Patel <patel1210@yahoo.com> wrote:


I was wondering how big companies' CIOs show their executives return on
investment on IDS. What is the monitoring strategy for IDS alerts? I am
trying to figure out a monitoring strategy and how to show my executive how
important this job is, but can't come up with a convincing solution. Any help
is highly appreciated.

Thanks,

Jason

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------




-- 
sguil - The Analyst Console for NSM
http://sguil.sf.net