Thursday, March 23, 2006

Return on Investment for Information Security

Research published by the Australian (New South Wales) government on Return on Investment in Information Security; link taken from the CISSP-BR mailing list.

This Guide and research report is intended to assist government agency IT managers in evaluating and quantifying the potential Return On Security Investment (ROSI) from implementing perimeter security systems.

The ROSI Guide started as a research project in early 2003, examining available approaches to measuring the cost-benefit of information security. The first version of the Guide proposed a hybrid tool, implemented as an Excel spreadsheet, combining the Annualised Loss Expectancy method with an Australian-standard Threat & Risk Assessment framework.

This latest version of the ROSI Guide describes an extension to the tool introducing "Monte Carlo" statistical analysis of the possible spread in cost-benefit results arising because security incidents vary randomly in their rate of occurrence and their severity. A prototype extended spreadsheet is attached, incorporating freeware Monte Carlo add-ins. Users are able to insert their own values for the expected ranges of incidence and costs for different grades of security incidents, drawing on the actual experience of their respective departments.

This report includes a discussion of how and why statistical variability should be injected into the ROSI model, instructions for running the chosen Monte Carlo tools, example simulations drawn from actual TRAs, and an updated reference list to aid further research into statistical cost-benefit analysis.
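To make the two methods described above concrete, here is an added example in Python (it is not the NSW guide's spreadsheet, nor code from the guide). It computes the Annualised Loss Expectancy (ALE = ARO x SLE, summed over incident grades) before and after a perimeter control, the point-estimate ROSI, and then a Monte Carlo spread in which the number of incidents per year is drawn from a Poisson distribution and the cost of each incident from a lognormal distribution. The three incident grades, their rates, costs and spreads, and the control cost are constructed illustration values, and the assumption that "before" and "after" years are simulated independently is a modelling choice of this example.

```python
"""ROSI via Annualised Loss Expectancy, plus a Monte Carlo spread.

Added example; not the NSW OIT guide's spreadsheet. Grades, rates and
costs below are constructed illustration values, not data from the guide.
"""
import math
import random
import statistics
from dataclasses import dataclass
from typing import Dict, Sequence


@dataclass(frozen=True)
class IncidentGrade:
    name: str
    aro: float    # annualised rate of occurrence: expected incidents per year
    sle: float    # single loss expectancy: expected cost of one incident
    sigma: float  # log-space spread of the per-incident cost (Monte Carlo only)


def ale(grades: Sequence[IncidentGrade]) -> float:
    """Annualised Loss Expectancy: sum over grades of ARO x SLE."""
    return sum(g.aro * g.sle for g in grades)


def rosi(ale_before: float, ale_after: float, control_cost: float) -> float:
    """Point-estimate ROSI: (risk reduction - annual control cost) / control cost."""
    return ((ale_before - ale_after) - control_cost) / control_cost


def poisson(lam: float, rng: random.Random) -> int:
    """Incident count for one year (Knuth's inversion; adequate for small rates)."""
    threshold = math.exp(-lam)
    count, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= threshold:
            return count
        count += 1


def sample_annual_loss(grades: Sequence[IncidentGrade], rng: random.Random) -> float:
    """One simulated year: random incident count per grade, random cost per incident.
    Per-incident cost is lognormal; mu is chosen so its mean equals the SLE."""
    total = 0.0
    for g in grades:
        mu = math.log(g.sle) - g.sigma ** 2 / 2
        for _ in range(poisson(g.aro, rng)):
            total += rng.lognormvariate(mu, g.sigma)
    return total


def monte_carlo_rosi(before: Sequence[IncidentGrade], after: Sequence[IncidentGrade],
                     control_cost: float, years: int = 10_000, seed: int = 2006) -> Dict[str, float]:
    """Spread of yearly ROSI when incidence and severity vary randomly.
    Modelling assumption (this example's, not the guide's): 'before' and 'after'
    years are drawn independently of each other."""
    rng = random.Random(seed)
    samples = []
    for _ in range(years):
        benefit = sample_annual_loss(before, rng) - sample_annual_loss(after, rng)
        samples.append((benefit - control_cost) / control_cost)
    samples.sort()

    def pct(q: float) -> float:
        return samples[min(len(samples) - 1, int(q * len(samples)))]

    return {
        "mean": statistics.fmean(samples),
        "p5": pct(0.05),
        "p50": pct(0.50),
        "p95": pct(0.95),
        "p_negative": sum(1 for s in samples if s < 0) / len(samples),
    }


# Constructed illustration: three incident grades before and after a perimeter control.
BEFORE = [
    IncidentGrade("minor", aro=12.0, sle=2_000, sigma=0.5),
    IncidentGrade("major", aro=1.5, sle=60_000, sigma=0.8),
    IncidentGrade("severe", aro=0.1, sle=500_000, sigma=1.0),
]
AFTER = [
    IncidentGrade("minor", aro=4.0, sle=2_000, sigma=0.5),
    IncidentGrade("major", aro=0.5, sle=60_000, sigma=0.8),
    IncidentGrade("severe", aro=0.03, sle=500_000, sigma=1.0),
]
CONTROL_COST = 60_000  # constructed annualised cost of the perimeter control

if __name__ == "__main__":
    a_before, a_after = ale(BEFORE), ale(AFTER)
    print(f"ALE before {a_before:,.0f}, after {a_after:,.0f}, "
          f"point ROSI {rosi(a_before, a_after, CONTROL_COST):.2f}")
    for key, value in monte_carlo_rosi(BEFORE, AFTER, CONTROL_COST).items():
        print(f"{key:>10}: {value:.2f}")
```

The point estimate (here 0.85, i.e. 85 cents returned per dollar of control cost) is what the first version of the guide's spreadsheet produces. The Monte Carlo summary shows what that single number hides: because the rare severe grade dominates the variance, the 5th and 95th percentiles span a wide range and a sizeable fraction of simulated years show a negative return even though the expected return is positive. That spread, not the mean, is the figure to put in front of a manager deciding on a control.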

http://www.oit.nsw.gov.au/content/7.1.15.ROSI.asp