Using ROSI to evaluate cybersecurity technologies
Being able to demonstrate ROI on security investments to the board is one of the tasks every CISO encounters. And it is not without its challenges. Intelligent CISO spoke to a number of industry experts who offer some best practice advice to CISOs about how to tackle this challenge.
Why is it important to be able to use ROSI to evaluate cybersecurity technologies?
Carolyn Crandall, Chief Deception Officer at Attivo Networks
CFOs and CEOs would be ecstatic to see detailed and specific ROSI, especially if it could be boiled down to a dollar figure. This would streamline budget assignment and approvals as you could easily calculate a quantifiable benefit. The challenge is that security is much like insurance, you hate to spend the money on it but are extremely grateful that you have it when needed.
Ultimately, security is more of a risk calculation. How much risk are you taking and what are the consequences if you don’t invest. Fines, insurance hikes, lost revenue, hit to brand reputation and incident response costs can be calculated, however assigning ROSI to one device can be hard as security is a system and only one chink in the armour can bring the whole system down.
To use an American football analogy, it is like playing the game without a kicker to kick in the field goal. Security can be compared to being in the final seconds of the game, but without the kicker, you need to run the play, which can be more complex and riskier. If you have the kicker, you win, without the kicker you may not.
Is it a guarantee? No, but the odds are less favourable when you don’t have the resources best suited for the need. The concept of a kicker and security are similar, there is no silver-bullet so you need all the positions covered. If you try to shortcut it, it may be all the opponent needs to win. Game over…
Free Active Directory Assessment
Get Visibility Into Privilege And Service Account Exposure
For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.
Try Our Endpoint Detection Net (EDN) for Free
FAST AND EASY
Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.
ADSecure 90-Day Free Trial
GET PROTECTION AGAINST UNAUTHORIZED ACCESS TO ACTIVE DIRECTORY
- Hide and deny access to AD objects
- Get alerted on unauthorized queries
- Attack details easily viewable in dashboard
- Your data remains on-premise