Research Paper-Return on Security Investment (ROSI)
This discussion item is part of the Analysis of Alternatives exercise.
Your CISO has asked you to lead a Brown Bag lunch discussion about the costs and benefits of investments in security technologies. The reading assignment for this discussion is: Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security.
You have been asked to prepare a short discussion paper to be used to spark discussion amongst the attendees. Your paper must address the following:
- What is the ROSI calculation?
- How is it used to evaluate cybersecurity technologies?
- What are the limitations of this metric?
- How can this metric be used to evaluate one or more of the technologies selected for study?