Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ROSI

from [Nick Owen] Network Security [Permanent Link]
Subject: Re: ROSI
Date: Mon, 17 Jan 2005 14:59:36 -0500 
Zaklinka:

You won't be able to find much, if anything about the economics of
implementing BS 7799 because I suspect that each implementation would be
very different and that no one has aggregated the information - perhaps
because few companies actually track it.  Rather, they are forced to
comply to some standard by a large customer or a government regulation.

As for ROSI, I'm not a fan of ROI and its ilk as it can lead to
distortions in decision making, in particular for info sec.  Information
security investments should be about risk mitigation and ROI doesn't
take risk into account.  Say you have two projects:  invest $20k and
return $2k/period and invest $10k and return $1k/period.  The ROI and
payback are the same.  But, if the first project is riskier than the
second, you should do the second. ROI won't tell you that.  Using a Cap
rate, NPV, IRR or economic profit would.

You can read more at my (new) blog:
http://www.wikidsystems.com/WiKIDBlog, 

HTH,

nick

On Sat, 2005-01-15 at 12:14 +0100, Zaklina Supica wrote:

Hi,

 

I'm very interested in some data about ROSI in general, and some
figures ($) about ROSI and BS 7799 complied ISMS (if they exist).



Thanks,



Zaklina Supica

Tel: +385 1 6129 781
Fax: +385 1 6129 889

http://security.lss.hr 

 





-- 
Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Reviewing Policies and Procedures, Miller, Joseph
Next by Date:  RE: ROSI, Zaklina Supica
Previous by Thread:  ROSI, Zaklina Supica
Next by Thread:  RE: ROSI, Zaklina Supica
Indexes:  [Date] [Thread] [Top] [All Lists]