White Papers for Sarbanes-Oxley (SOX)

Calculating Return on Security Investment (ROSI) with ArcSight Enterprise Security Management Software

Arcsight

With the recent increase in governmental regulations and ever-shrinking budgets, today’s IT managers are being asked to justify their expenditures and determine the ROI of their security infrastructure purchases. There are many ways to measures the value of a security solution. One of the methods used by IT management is the measurement of Return on Security Investment (ROSI).
Simple Return on Investment (ROI) calculations are based on solely on hard dollars. Calculating ROSI is more complicated, in that it depends on both quantitative and qualitative measures. The qualitative approach addresses more of the intangible values of data loss or an expected improvement in operating efficiencies. ROSI calculations, therefore, measure the total value of the security solution, including both the financial impact and the side effects of reducing risk.
By following a hypothetical ArcSight customer – E-Zone – this paper will present a method for measuring the quantitative components of ROSI, including: risk assessment; deriving probability estimates and calculating impact; calculating the cost of implementing security; discounted cash flow analysis; and measuring the target rate of return. The paper will then shift focus onto evaluating the qualitative aspects of ROSI, including: event collection; event analysis; and improving compliance and audit procedures.
After the hypothetical example, the paper will conclude with case studies illustrating how actual ArcSight customers have solved their security challenges using ArcSight ESM.

View the White Paper

Share or bookmarklet this web page at: