tailieunhanh - Return On Security Investment (ROSI): A Practical Quantitative Model
The purpose of this paper is to examine the relationships among returns of various sub-indexes in the Istanbul Stock Exchange by using various methods. In particular, we look at the extent to which various sub-indexes are cointegrated or not by using three different methods. For the first two, Engle and Granger’s (1987) single equation models and Johansen’s (1988) multivariate cointegration methods are the among the most commonly used methods for assessing long-run relationships. Kamstra, Kramer and Levi (2003) suggest that seasonality does exist in the stock market, and addressing the seasonality in the data could alter the. | Return On Security Investment ROSI A Practical Quantitative Model Wes Sonnenreich SageSecure LLC 116 W. 23rd St. 5th Floor NYC NY 10011 wes@ A summary of Research and Development conducted at SageSecure by Wes Sonnenreich Jason Albanese jpa@ and Bruce Stout bstout@ ABSTRACT Organizations need practical security benchmarking tools in order to plan effective security strategies. This paper explores a number of techniques that can be used to measure security within an organization. It proposes a benchmarking methodology that produces results that are of strategic importance to both decision makers and technology implementers. 1. INTRODUCTION In a world where hackers computer viruses and cyber-terrorists are making headlines daily security has become a priority in all aspects of life including business. But how does a business become secure How much security is enough How does a business know when its security level is reasonable Most importantly what s the right amount of money and time to invest in security Executive decision-makers don t really care whether firewalls or lawn gnomes protect their company s servers. Rather they want to know the impact security is having on the bottom line. In order to know how much they should spend on security they need to know How much is the lack of security costing the business What impact is lack of security having on productivity What impact would a catastrophic security breach have What are the most cost-effective solutions What impact will the solutions have on productivity Before spending money on a product or service decisionmakers want to know that the investment is financially justified. Security is no different -- it has to make business sense. What decision-makers need are security metrics that show how security expenditures impact the bottom line. There s no point in implementing a solution if its true cost is greater than the risk exposure. This paper will present a model for .
đang nạp các trang xem trước