RE: Value of IDS, ROI

From: Pete Lindstrom (petelind_at_spiresecurity.com)
Date: 05/05/05

    To: "'Bamm Visscher'" <bamm.visscher@gmail.com>, "'Jason Patel'" <patel1210@yahoo.com>, <focus-ids@securityfocus.com>
    Date: Thu, 5 May 2005 10:00:26 -0400
    
    

    In business, you can get ROI in two ways (the same way you make a profit):
    either by increasing revenue or decreasing costs. I believe this is a fairly
    conventional OPINION (and ultimately a self-defining FACT) in the financial
    management world.

    To cite an opinion piece about the IT Security cost center's ability to
    generate an ROI and claim it is a fact doesn't negate the view of the folks
    with the money.

    If you can't get ROI by automating an existing manual patch management or
    password reset process, you aren't even trying. Ditto if you still have
    leased lines and are looking at VPNs.

    I agree that ROI for IDS is harder, but if you can find ways to reduce the
    spending you are already doing - either by streamlining a complex monitoring
    process, reducing the actual number/cost of incidents, or reducing the
    capital expenses for the threat management infrastructure.

    For all cost centers (which usually include HR, Legal, Facilities, and IT/
    IT Security among others) the test for ROI is simple: you can't get ROI if
    1) you aren't spending any money on the business process, capital equipment
    required, and "exception management" (in security this is generally incident
    response and recovery); or 2) you are completely efficient, buy the least
    expensive gear, and never have exceptions/incidents.

    The real beauty of being in security is that we do have this other measure -
    Return on Security Investment - to demonstrate the value of protecting
    information assets and their potential loss. Granted, we don't even come
    close to being able to leverage the concept, even though sales departments
    have been using basically the same formula for their pipeline management for
    years.

    Anybody looking for further ideas on ROI in security is welcome to send me
    an email off-list.

    Regards,

    Pete

    -----Original Message-----
    From: Bamm Visscher [mailto:bamm.visscher@gmail.com]
    Sent: Wednesday, May 04, 2005 9:44 AM
    To: Jason Patel
    Cc: focus-ids@securityfocus.com
    Subject: Re: Value of IDS, ROI

    There is no calculating ROI for security (including IDS) [0]. A CIO
    should be able to understand that. Security is about mitigating loss,
    much like insurance. You should focus on explaining how your IDS
    implementation will help protect the investment your company has made
    in IT. An IDS should provide early warnings of a compromise and other
    security events. It will also help you quickly determine the scope of
    the event, escalate the activity to the correct departments, and the
    data gathered will make the remediation effort more efficient.

    Bammkkkk

    [0] http://taosecurity.blogspot.com/2004/04/calculating-security-roi-is-waste-of.html

    On 3 May 2005 18:15:19 -0000, Jason Patel <patel1210@yahoo.com> wrote:
    >
    >
    > I was wondering how big companies' CIOs show their executives the return on
    > investment on IDS. What is the monitoring strategy for IDS alerts? I am
    > trying to figure out a monitoring strategy and how to show my executive how
    > important this job is, but can't come up with a convincing solution. Any help
    > is highly appreciated.
    >
    > Thanks,
    >
    > Jason
    >
    > --------------------------------------------------------------------------
    > Test Your IDS
    >
    > Is your IDS deployed correctly?
    > Find out quickly and easily by testing it with real-world attacks from
    > CORE IMPACT.
    > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    > to learn more.
    > --------------------------------------------------------------------------
    >
    >

    -- 
    sguil - The Analyst Console for NSM
    http://sguil.sf.net
    
