5 things to consider when estimating the ROI on cyber security.



Similar documents
Compliance Guide: PCI DSS

IT Governance: The Directors Cut. What Directors Need to Know

Case Study: Financial Credit Union

Case Study: Managed Security Services Provider

Compliance Guide: ASD ISM OVERVIEW

Case Study: The National Archives UK

Compliance Overview: FISMA / NIST SP800 53

Cyber Risk Reduction: Why Automated Threat Verification is key

Fraud Prevention & I.T. Security

serena.com Serena Change Governance Executive Brief

Driving Growth Through Workforce Empowerment: The Business Case for Integrated HCM

The economics of IT risk and reputation

White Paper Achieving HIPAA Compliance through Security Information Management. White Paper / HIPAA

The ROI of Incentive Compensation Management Making the Business Case

Leveraging a Maturity Model to Achieve Proactive Compliance

Document management concerns the whole board. Implementing document management - recommended practices and lessons learned

UNIVERSE. Protect Your. with ArcSight

Cybercrime Security Risks and Challenges Facing Business

AUTOMATED PENETRATION TESTING PRODUCTS

How To Improve Your Security System Of Knowledge (Siem)

The Value of Vulnerability Management*

EHS Management Software Making the right choice for your business

The Business Case for Network Security Policy Management Quantifying the Annual Savings with the AlgoSec Security Management Suite

How To Manage Log Management

W H I T E P A P E R. Reducing Server Total Cost of Ownership with VMware Virtualization Software

10 Critical Requirements for Cloud Applications:

Bridging the HIPAA/HITECH Compliance Gap

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

FIVE PRACTICAL STEPS

The Total Economic Impact Of SAS Customer Intelligence Solutions Real-Time Decision Manager

Gold Sponsor of the study: Incident Response Management

THOMSON REUTERS ACCELUS. Know Your Customer (KYC), Kontrol Your Costs (KYC) and Keep Your Customers (KYC) happy

Cloud Infrastructure Security Management

Best Practices for Building a Security Operations Center

CAPABILITY MATURITY MODEL & ASSESSMENT

WHITE PAPER. Realizing ROI from Your Network Visibility Investment

A CPA recounts exponential growth in Compliance. Mary Ellen McLaughlin

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

BIG SHIFT TO CLOUD-BASED SECURITY

An article on PCI Compliance for the Not-For-Profit Sector

CORE Security and GLBA

serena.com seven ways ppm will change your application development organization

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

White paper September Realizing business value with mainframe security management

IBM Security QRadar Risk Manager

AUTOMATED PENETRATION TESTING PRODUCTS

Governance, Risk, and Compliance (GRC) White Paper

Version 6.1 SYSPRO Wor SYSPRO W kflo kf w lo Services

whitepaper critical software characteristics

IBM Security QRadar Risk Manager

RELIABLE BACKUP TO PROTECT YOUR DATA, YOUR BUSINESS, AND YOUR REPUTATION VERITAS MANAGED BACKUP SERVICES

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

RELIABLE BACKUP TO PROTECT YOUR DATA, YOUR BUSINESS, AND YOUR REPUTATION VERITAS MANAGED BACKUP SERVICES

Scalability in Log Management

Improving Unstructured Data Governance. Ryan Jancaitis Product Management Symantec

The Total Economic Impact Of SecureWorks Security Information And Event Management Service

Complete Patch Management

Module 1 Study Guide

Open Source Software for Cyber Operations:

Cisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.

TECH GUYS. Protect Your Practice with a Security Risk Assessment. HCTechGuys.com. HCTechGuys.com TECH GUYS

Is your business secure in a hosted world?

White Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA

Fortify. Securing Your Entire Software Portfolio

IBM QRadar as a Service

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN better health cover shouldn t hurt

PCI White Paper Series. Compliance driven security

Avoiding the Top 5 Vulnerability Management Mistakes

Innovation through Outsourcing

Increased Security, Greater Agility, Lower Costs for AWS DELPHIX FOR AMAZON WEB SERVICES WHITE PAPER

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY

Technology Lifecycle Management. A Model for Enabling Systematic Budgeting and Administration of Government Technology Programs

IBM Security IBM Corporation IBM Corporation

Protecting betting integrity

Small businesses: What you need to know about cyber security

SAAS VS. ON-PREMISE SECURITY. Why Software-as-a-Service Is a Better Choice for and Web Threat Management

THE HUMAN COMPONENT OF CYBER SECURITY

OVERVIEW. With just 10,000 customers in your database, the cost of a data breach averages more than $2 million.

For personal use only

Managing the Unpredictable Human Element of Cybersecurity

Protecting Malaysia in the Connected world

10 Critical Requirements for Cloud Applications. How to Recognize Cloud Providers and Applications that Deliver Real Value

Reduce IT Costs by Simplifying and Improving Data Center Operations Management

Accelerate Your Enterprise Private Cloud Initiative

FIREMON SECURITY MANAGER

RESEARCH NOTE THE VALUE OF SUBSCRIPTION AND SUPPORT FOR IBM BUSINESS ANALYTICS THE BOTTOM LINE THE CHALLENGE. January 2013.

Establishing a State Cyber Crimes Unit White Paper

Security in the Cloud

Agile ETRM from Allegro

The Total Economic Impact Of D&B Direct

AUSTRALIAN GOVERNMENT INFORMATION MANAGEMENT OFFICE CYBER SECURITY CAPABILITY FRAMEWORK & MAPPING OF ISM ROLES

Developments in cybercrime and cybersecurity

HOSTING. Managed Security Solutions. Managed Security. ECSC Solutions

WHITE PAPER IMPROVING FIREWALL CHANGES OVERCOME PROCESS AND COMPLEXITY CHALLENGES BY FOCUSING ON THE FIREWALL.

Protect Your Universe with ArcSight

Network Intrusion Prevention Systems Justification and ROI

SOLUTION WHITE PAPER. BMC Manages the Full Service Stack on Secure Multi-tenant Architecture

The Total Economic Impact Of SAS Customer Intelligence Solutions Intelligent Advertising For Publishers

Transcription:

Security ROI in 2015

5 things to consider when estimating the ROI on cyber security. In June 2015, one of Australia s top cyber police officers, Detective Superintendent Arthur Katsogiannis, stated that internet-enabled crime poses the greatest challenge to law enforcement in the 21st century 1. Similarly, in the US, the former CIA and NSA chief Michael Hayden highlighted the challenges faced by governments and businesses in an interview in the Wall Street Journal 2. They are both reflecting on what many organisations have already come to recognise: cybercrime is not only on the rise; it is here to stay. Which means that an organisation that wants to stay one step ahead of the cyber criminals needs to invest in the best security they can afford. Estimating the Return on Investment (ROI) of security investments is not easy. It involves measuring not only the costs avoided or reduced by preventing or detecting a breach such as losing critical data, or a breach so bad that it affects the capitalised value of the enterprise but also the intrinsic benefits of having a security solution. The issue, of course, is that not all security platforms are created equal some provide a far greater ROI. We re proud that Huntsman is one of those. Security ROI involves difficult questions: How do you calculate the value of improving organisational security and ensuring it complies with internal policies and external regulations? How do you assess the impact of a breach that you successfully prevented? What is the cost of a clean-up operation you didn t have to do? Here, we discuss five key factors to consider when looking for maximum ROI from a security platform. 1. CHOOSE HOLISTIC SOLUTIONS OVER POINT SOLUTIONS When comparing security solutions, you will inevitably face the choice of point solutions which address specific threats versus security platforms that meet broader strategic security objectives, for example flexibility and scalability, like Huntsman. Our advice is to look long term. The ROI from point solutions can be negligible, and even offset by the extra time required to learn, configure and operate the solution. Point solutions also expose organisations to a continuous battle to deploy additional solutions to counter subsequent families of threats that emerge with immunity in the future. In contrast, a security platform like Huntsman provides value that is greater than the sum of its parts. 2 2015 Tier-3 Pty Ltd, All rights reserved

2. GET HARD NUMBERS FOR KEY METRICS To justify spending more on security, you need hard numbers for key metrics such as: Total cost of ownership including the support of the security solution; Effective savings from reducing IT risk exposure; Compliance management efficiencies in remediation and audit; Reductions in future staff needs or costs, and benefits from staff redeployment; and Reduced costs through being able to phase out older technologies or processes. 3. INCLUDE RISK-ADJUSTED COSTS AND BENEFITS IN YOUR CALCULATIONS When translating IT security and operational improvements into tangible figures, your business case must factor in risk-adjusted costs such as: The impact of a security breach on system downtime and productivity; The cost of losing (or restoring) valuable IP or confidential data; Any hard benefits attributable to improved risk management or corporate governance, like risk profile, cost of capital or credit rating; Penalties or fines for non-compliance with government and/or industry regulations; and The cost of investigation, remediation, clean-up, communications and recovery (including end customer costs). The calculations typically assign probabilities to risks and estimate the costs of their impacts. So a security solution that makes a risk less likely to occur, or reduces its impact, can show a benefit from the unprotected state. Your business case should also account for common factors that are not part of the ROI justification but are clearly beneficial. These include benefits delivered by: The ability to visualise activity and systems usage across the enterprise to anticipate security issues; Real-time monitoring and control (as against periodic or ad hoc processes); The constant provision of information on compliance status (or a failure to comply); and The time freed up for security staff who no longer need to deal with issues manually, or resolve actual or potential security breaches, and the potential to use more junior or less experienced staff to monitor security. 4. CONSIDER WIDER COST FACTORS Your business case should also include wider cost factors. These can include the level of scalability or flexibility of a solution as an enterprise grows. Most organisations accumulate point solutions over time and accept the costs and inefficiencies of integrating and managing discrete systems or leave them to be managed separately within their respective silos 4. But these systems can represent a poor investment. 3 2015 Tier-3 Pty Ltd, All rights reserved

Superior ROI can come from security systems that reduce those costs by: Integrating information from existing security solutions to provide a broader perspective; Reducing the time spent by staff cross-referencing and managing existing solutions; Eliminating duplication in security collection, analysis and interpretation; Providing sufficient modularity and scalability (thus avoiding the need for constant technology upgrades to deal with increasing data volumes); Integrating and solving workflow and process issues (and not creating new ones); and Intelligently and dynamically investigating and resolving threats, rather than just identifying them. The greatest ROI will come from an approach to security that enables easy integration and interoperability throughout the collection, analysis, monitoring, and reporting process. 4 5. START SMALL AND GROW INCREMENTALLY If the ROI case for a new security solution is tough to make, you should probably think about starting small. Begin with a project that will produce a measurable business benefit that can then be used to build a stronger, evidence-based business case for wider rollout, deployment or expansion. This way, you can keep security simple and manageable. If you choose this path, then your assessment of value should include: The ability to phase deployment and expansion of the security solution; The benefits of removing information silos and integrating all data into a single point for security, compliance, monitoring and control; Savings in existing solutions or reductions in exposures that reduce the likelihood of loss (insurances, for example); and Process efficiencies and operational benefits from more intelligent security operations. SUMMING UP It is now widely recognised that organisations need a holistic approach to cyber security. 5 This can only be achieved with a systematic framework that can be easily managed. Intelligent security investments that fit these criteria enable organisations to improve security and compliance, monitor corporate and IT assets more effectively, and lower the operational costs of those activities. This significantly strengthens the ROI case for their adoption in a way that is clear to business leaders and budget holders as well as technical security teams. 4 2015 Tier-3 Pty Ltd, All rights reserved

REFERENCES 1 The Sydney Morning Herald, June 16, 2015 2 Wall Street Journal, June 21, 2015 - http://www.wsj.com/articles/ michael-hayden-says-u-s-is-easy-prey-for-hackers-1434924058 4 Ibid 5 5 Steps to a More Secure Data Center, Enterprise Systems http:// esj.com/articles/2009/12/08/secure-data-center.aspx?p=1 3 Aberdeen Group Research Brief The Role of Security Information and Event Management (SIEM) in Security, Governance, Risk Management and Compliance (GRC) Huntsman Tier-3 Pty Ltd Asia Pacific EMEA North Asia Americas t: +61 2 9419 3200 t: +44 845 222 2010 t: +81 3 5809 3188 toll free: 1-415-655-6807 e: info@huntsmansecurity.com e: ukinfo@huntsmansecurity.com e: info@huntsmansecurity.com e: usinfo@huntsmansecurity.com Level 2, 11 Help Street 100 Pall Mall, St James TUC Bldg. 7F, 2-16-5 Iwamoto-cho, Suite 400, 71 Stevenson Street Chatswood NSW 2067 London SW1Y 5NQ Chiyoda-ku, Tokyo 101-0032 San Francisco California 94105 huntsmansecurity.com linkedin.com/company/tier-3-pty-ltd twitter.com/tier3huntsman 2015. All rights reserved. Huntsman is a registered Trademark of Tier-3 Pty Ltd

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information