CertiGuide to Security+  9  Chapter 0:  Read.Me

Chapter 0:  Read.Me 1 2 3 4 5 0.1  You’re saved….If

Security Costs can be Quantified and Given a Positive ROI

While more on this matter is discussed in the legal chapter, the Secure Business Quarterly⁷ reports, “Results demonstrate that efficient gains greater than 3 percent are realized when introducing appropriate security. The quantifiable benefits are decreased maintenance costs and obvious savings due to the reduction of successful attacks.”

If the functional ROI is not a motivator for you, consider the legal ramifications. Not taking prudent security measures will vary in outcome, depending on your industry. If you are lucky, you will be explaining this as a lesson learned while interviewing for your next job. If you happen to work in an industry⁸ that requires not only security, but also filing a Suspicious Activity Report (SAR) and you fail to do so, you may not have to worry about finding a new job. The Federal government could be providing you a job, along with food, shelter and clothing for a long time in the Iron Bar hotel.

Now that 2004 is here the legal issues are even larger. As Ken Kousky of IP3 Seminars⁹ points out, the Sarbanes-Oxley Act of 2002¹⁰ requires full financial disclosure. Liabilities must be quantified. And there are only two ways to handle liability: out-source it (buy insurance) or your are “self-insuring”, and you must carry that cost on your books.

Ken also has an interesting perspective on how to greatly reduce the liability side of security issues to improve the balance sheet.

Let’s continue our high-level view by considering the next important point.

Chapter 0:  Read.Me 1 2 3 4 5 0.1  You’re saved….If