Introduction
All organizations, whether private or public, have to justify their budget investments and evaluate their effectiveness. This evaluation in finance is referred to as return on security investment (ROSI). The calculation of ROSI is:
ROSI = (Gain from investment - Cost of investment) / Cost of investment
Every investment, including investment in security, should be subject to a ROSI calculation. In security, the ROSI calculation gives quantitative answers to essential financial questions. It combines the cost of implementing security with a quantitative risk assessment, and the result is used to compare the annual loss expectancy with the expected loss savings. The calculation is based on three variables: the solution cost, the risk mitigation estimate, and the estimated potential loss.
ROSI is also used in the evaluation of cybersecurity technologies. Decision-makers use ROSI to evaluate the impact of security on the bottom line. It is also used to evaluate how much should be spent on security, how much a lack of security costs the business, and which security solutions are cost-effective (European Network and Information Security Agency, 2012). The cost of the protection should not be more than the benefit gained or accrued. To evaluate cybersecurity technologies, the ROSI calculation combines the implementation of security countermeasures with an assessment of the quantitative risk.
ROSI has several limitations, because estimating the money saved from avoided losses is a difficult task. In reality, applying more than straightforward formulas can help address the issue. The first limitation is estimation itself. The rate of occurrence and the cost of cybersecurity incidents cannot be readily estimated, so the numbers vary from one environment to another. Because of these approximations and estimations, the view of the risk becomes biased, and the ROSI calculation is therefore easy to manipulate (European Network and Information Security Agency, 2012). It is essential to use accurate data in a ROSI calculation. However, it is not possible to get actual data regarding security incidents, since most companies fail to give actual data concerning security incidents.
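The estimation problem described above can be made concrete. The following is an added example, not part of the original essay: it assumes the gain from investment is the annual loss expectancy (ALE, taken as annual rate of occurrence times single loss expectancy) multiplied by the mitigation ratio, and every figure in it is constructed.

```python
from itertools import product


def rosi(aro, sle, mitigation, cost):
    """ROSI = (gain - cost) / cost, taking gain = ALE * mitigation ratio
    and ALE = ARO * SLE (assumed mapping, see lead-in)."""
    if cost <= 0:
        raise ValueError("solution cost must be positive")
    if not 0.0 <= mitigation <= 1.0:
        raise ValueError("mitigation ratio must be between 0 and 1")
    ale = aro * sle  # annual loss expectancy without the control
    return (ale * mitigation - cost) / cost


def rosi_range(aro, sle, mitigation, cost):
    """Worst and best ROSI when each estimate is a (low, high) pair.

    ROSI rises with each of the three inputs, so the extremes lie at
    the corners of the estimate box; all eight corners are evaluated.
    """
    corners = [rosi(a, s, m, cost) for a, s, m in product(aro, sle, mitigation)]
    return min(corners), max(corners)


def break_even_mitigation(aro, sle, cost):
    """Mitigation ratio at which the control exactly pays for itself."""
    return cost / (aro * sle)


# Constructed figures for a hypothetical control costing 30,000 per year.
COST = 30_000
POINT = dict(aro=4, sle=15_000, mitigation=0.75)
RANGES = dict(aro=(2, 6), sle=(10_000, 20_000), mitigation=(0.6, 0.9))

if __name__ == "__main__":
    low, high = rosi_range(cost=COST, **RANGES)
    print(f"point estimate ROSI: {rosi(cost=COST, **POINT):+.0%}")
    print(f"plausible range:     {low:+.0%} to {high:+.0%}")
    print(f"break-even mitigation at point ARO/SLE: "
          f"{break_even_mitigation(POINT['aro'], POINT['sle'], COST):.0%}")
    if low < 0 < high:
        print("sign of ROSI depends on which estimates are chosen")
```

With these constructed inputs the point estimate is positive while the plausible range runs from a loss to a large gain, so the choice of estimates alone decides whether the investment looks justified.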
Lastly, according to a model by Loeb and Gordon, assets that have high value are not supposed to benefit from high investments that protect them. The model shows that the ROSI calculation is just an approximation, and the results of the calculation should be handled carefully. Therefore, organizations and companies should use the results as guidelines instead of strict rules to be followed (European Network and Information Security Agency, 2012). ROSI calculation is, therefore, inaccurate.
ROSI calculation is a critical evaluation of the cost-effectiveness of the solutions used to manage cybersecurity. Both private and public organizations have integrated ROSI into their security practice and use it to evaluate security costs. It is, however, not effective because of its limitations: ROSI relies on approximations and estimations, hence inaccurate data, which in turn gives incorrect results.
Reference
European Network and Information Security Agency. (2012). Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security. Heraklion, Crete, Greece: Author. Retrieved from https://www.enisa.europa.eu/activities/cert/other-work/introduction-to-return-on-security-investment/at_download/fullReport
Cite this page
Calculating Return on Security Investment (ROSI) - Essay Sample. (2023, Feb 13). Retrieved from https://proessays.net/essays/calculating-return-on-security-investment-rosi-essay-sample