Security ROI: know what to measure.

Too many enterprise managers spend money on security without taking the time to assess the risks and consequences of an attack on the core business value of the enterprise. Enterprise asset security should be the driving force behind return-on-investment (ROI) calculations.

There are formulas to assess the potential costs of security lapses, but the true risks, and therefore the greatest potential ROI on security investments, center around protecting your organization from losses related to three business factors--regulation, revenue and reputation.

Security policies and procedures must satisfy federal, state and local regulatory requirements that hold businesses accountable for secure systems. Among the most wide-ranging new laws is the Gramm-Leach-Bliley Act, which governs the privacy of information stored, used and transmitted by banks, brokerages, insurance companies and other financial institutions.

Another federal regulation, the Health Insurance Portability and Accountability Act, is intended to limit fraud and abuse involving private health records. It has significant implications for anyone who handles this information.

A third is 21 CFR Part 11, the Food and Drug Administration regulations governing electronic signatures and electronic records, which is a critical issue in the pharmaceutical industry.

Whether the threats are external or internal, auditable security systems must be put in place that specifically address the highest-value, highest-risk enterprise business assets. Quantify the risk by measuring financial assets against probability.

Related to both regulation and revenue, reputation is the hardest to quantify but potentially the most costly. How will the public react to the theft of your customer lists, identification numbers, patient information or other data? Bad publicity caused by a security breach can literally destroy a company. IT management needs to objectively assess and quantify the risk to the organization's reputation that would be caused by a security breach.

Defining security ROI is not an easy task, but every IT manager is responsible for making business management aware of the true business risk. If you are still building your IT security ROI case on only the cost of staff time and IT resources, you are missing the point. Security must be considered a business investment to protect company assets.

For more information from Getronics:

Bob Pacl is director of services marketing for Getronics, Billerica, Mass.
COPYRIGHT 2003 Nelson Publishing

Article Details
Author: Pacl, Bob
Publication: Communications News
Geographic Code: 1USA
Date: Sep 1, 2003