RE: Calculating ROI for a Network/Security Practice

From: Hunteman, Bill (Bill.Hunteman@nnsa.doe.gov)
Date: 03/29/02


From: "Hunteman, Bill" <Bill.Hunteman@nnsa.doe.gov>
To: "'tom jones'" <p0rt_0@yahoo.com>, security-basics@securityfocus.com
Date: Fri, 29 Mar 2002 07:22:27 -0500

Although I work for a government agency developing policies, practices, and
architectures for a classified network, I have similar questions/need.
Resources for security technologies and practices must compete with the
other activities and missions of our network and an ROI approach offers a
real opportunity to demonstrate to our senior management that a security
practice is an appropriate allocation of resources. I imagine that our
situation is similar, but clearly not identical to, a commercial situation
where an executive level person or group must make resource allocation
decisions based on the overall needs and missions of the organization.

Just another plea for thoughts and ideas.

"As new discoveries are made, new truths disclosed, and manners and opinions
change with the change of circumstances, institutions must advance also and
keep pace with the times." Thomas Jefferson

-----Original Message-----
From: tom jones [mailto:p0rt_0@yahoo.com]
Sent: Thursday, March 28, 2002 1:54 PM
To: security-basics@securityfocus.com
Subject: Calculating ROI for a Network/Security Practice

Hello,
I was wondering if anyone had a good
process/methodology for determining the ROI for the
network/security practice. More specifically, how to
demonstrate to the executive level that a certain
technology is necessary in their terms: How will it
save our company money? I know this is rather vague
since most technologies will be looked at differently.
For example, a tape backup system might be
communicated as the price to implement vs. the price
of 1+ "major disasters". How could you come up with
the price of a "major disaster"? Another example
(currently working with a client toward) is
implementing an Intrusion Detection System. How would
you demonstrate to management that looking through
firewall logs all day is not as efficient or effective
as the monitoring of traffic "real-time" with the
added functionality of event analysis?

Thoughts and suggestions are greatly appreciated.
