RealNews

The New Economics of Information Security

As any victim of a significant cyberattack will tell you, there’s a financial dimension to these crimes. Even for nonvictims, there’s an obvious financial hit a company takes in implementing security measures to prevent losses. Those firewalls cost money and so do the salaries of the security professionals who manage them. Unfortunately, relatively little attention has been paid to the economics of information security. There’s occasional discussion of exorbitant losses in the more spectacular cases, but what about the indirect costs and negative impact on companies’ reputations? Information-security managers trying to defend budget requests have sometimes talked about return on investment, but only with mixed results. After all, what exactly is the ROI of a firewall? In a similar vein, you don’t usually hear information-security managers talk about capital-budgeting techniques, like the net present value or internal rate of return, as applied to investments in infrastructure assets for information security. Full Story

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.