Monday, February 25, 2013
Evaluating Security ROI from the Threat Actor’s Perspective
Evaluating Security ROI from the Threat Actor’s Perspective - We Have Finite Resources...We Can Not Protect Everything! Consequences: Value & Replaceability. With the breach -a-week over the last two years, the key determinate was nothing YOU did... but rather was WHO was after you.Why ROI and ROSI have failed us. Return on Security Investment (ROSI) created as a well intentioned way to apply risk metrics to ROI. Adversaries care if *they* can get a return on investment from an attack, not you.