Security ROI and Conclusions
Cisco commissioned custom research project
July, 2002
Computer Economics, Inc.
CE’s methodology: economic threats calculation
• Total economic impact projections are modeled on 5 years of data and include the costs of cleaning systems infected by malicious code, recovery costs from hack attacks/intrusions, lost revenue and lost employee productivity
• The potential economic impact of threats is also determined by whether an organization is of low, medium or high e-business intensity
Annual Economic Impact of Malicious Attacks (source: Computer Economics)
CE’s methodology: security costs & ROI
• CE has benchmarked the amount of IT budgets spent on security since 1990
• Cost of security includes computer as well as network security products and the cost of personnel
• Typical deployments for computer systems include anti-virus and firewalls for desktops, file servers and application servers
• Network security deployments typically include firewalls, intrusion detection and packet filters
• ROI is the difference between total economic impact and total security costs
Annual security cost & ROI (source: Computer Economics)
Key steps for improving security
• It is key that upper level managers provide support for security improvement initiatives
• An individual or group should be designated to take the lead in the IS security process
• IS security policies should be established and documented
• An assessment of needs and weaknesses should be initiated
• Awareness should be increased via employee training
• Effectiveness of security measures should be monitored and evaluated continuously
CE’s observations on SAFE
• Security teams can benefit from the concepts* inherent in the SAFE Blueprint
  *defense in depth; best security practices; modular approach; scalability, etc.
• SAFE can serve as a guide to network designers considering security requirements of their networks
Computer Economics’ conclusions
• Improving IS security is critical to the operations, reputation and economic stability of any organization
• New laws require greater privacy protection
• New threats to computer and network security emerge every day