Found a link over on Mike Rothman's Security Incite referring to Intel's Matthew Rosenquist talk at last week's RSA on their process to justify security investments. And like those old EF Hutten ads from what must be about twenty years ago, When Intel talks about security, IT people listen.
According to Intel, their return on Security Investment (ROSI) has a much higher level of accuracy then any other method currently being used. And while they admit that it's not a one size fits all metric, and most companies only want value measured their way, they say it does offer an empowering view of security value, which is likely a much better approach in the boardroom then the typical security sales pitch of, "Do this or else."
Intel breaks it down into five different topics, which are:
1) Practical Aspects of Measuring Security
2) Getting a Return on IT Security Investment
3) Managing the Effort to Measure Security
4) The Problem of Measuring Information Security
5) The Four Dirty Questions of Measuring Information Security
Definitely a recommended read right here.
Leave a comment