80 likes | 157 Views
Security ROI and Conclusions Cisco commissioned custom research project July, 2002 Computer Economics, Inc. CE’s methodology economic threats calculation.
E N D
Security ROI and ConclusionsCisco commissioned custom research projectJuly, 2002Computer Economics, Inc.
CE’s methodologyeconomic threats calculation • Total economic impact projections are modeled on 5 years data and include costs of cleaning systems infected by malicious code, recovery costs from hack attacks/intrusions, lost revenue and lost productivity of employees • Potential economic impact of threats is also determined by whether an organization is of low, medium or high e-business intensity
Annual Economic Impact of Malicious Attacks* *source Computer Economics
CE’s methodology Security costs & ROI • CE has benchmarked the amount of IT budgets spent on security since 1990 • Cost of security includes computer as well as network security products and the cost of personnel • Typical deployments for computer systems include anti-virus and firewalls for desktops, file servers and application servers • Network security deployments typically include firewalls, intrusion detection and packet filters • ROI is difference between total economic impact and total security costs
Annual security cost & ROI** ** source Computer Economics
Key steps for improving security • It is key that upper level managers provide support for security improvement initiatives • An individual or group should be designated to take the lead in the IS security process • IS security policies should be established and documented • An assessment of needs and weaknesses should be initiated • Awareness should be increased via employee training • Effectiveness of security measures should be monitored and evaluated continuously
CE’s observations on SAFE • Security teams can benefit from the concepts* inherent in the SAFE Blueprint *defense in depth; best security practices; modular approach; scalability, etc. • SAFE can serve as a guide to network designers considering security requirements of their networks
Computer Economics’ conclusions • Improving IS security is critical to the operations, reputation and economic stability of any organization • New laws require greater privacy protection • New threats to computer and network security emerge everyday