
anton-chuvakin-on-roi


I was fixing to post on some of the ROI posts floating around, with my usual dainty prose. But Anton Chuvakin did a much better job than I could - though it appears he has a ringer on his team.

My favorite quote:

The phrase "return in the form of savings," that I saw on some blog, caused my "in-house economist" to utter a completely unprintable word and then follow up with: "what an idiot! it is either return or savings!"

 

His close is a bit weak, though:

At the same time, I think this debate will be resolved thus: there is rate of return (definition from economics) and there is "ROI/rate of return" (hijacked definition that developed its own life and started to mean simply "usefulness" or "value proposition") There is "ROI" of security and there is no ROI of security...

You can analyze or estimate the value of a security investment. One way is to separate out the different security investment possibilities and create scenarios from them. I did a simple comparison of a VPN with and without two-factor authentication. The savings come from the overall project; then I subtract an AALE from the savings. You could run different scenarios to see which security investment is "optimal".

Estimating AALE might be problematic, but the exercise would still be beneficial.

ROI is a crappy measure because it does not include an interest rate. While estimating AALE might be difficult, getting your company's weighted-average cost of capital is very simple. (Hint: ask your CFO.)
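
The scenario comparison above, worked through as an added example (not code from the original post). It assumes the interest rate enters as a discount rate in a net-present-value calculation and that ROI means the common undiscounted ratio; all figures are constructed.

```python
from dataclasses import dataclass


@dataclass
class Scenario:
    name: str
    upfront_cost: float    # paid at year 0
    annual_savings: float  # savings from the overall project, per year
    aale: float            # estimated AALE for this scenario, per year
    years: int

    def annual_net(self) -> float:
        # The post's step: subtract the AALE from the savings.
        return self.annual_savings - self.aale


def simple_roi(s: Scenario) -> float:
    """Undiscounted ROI: (total net benefit - cost) / cost. No interest rate."""
    return (s.annual_net() * s.years - s.upfront_cost) / s.upfront_cost


def npv(s: Scenario, rate: float) -> float:
    """Net present value, discounting each year's net benefit at `rate` (e.g. WACC)."""
    return -s.upfront_cost + sum(
        s.annual_net() / (1 + rate) ** t for t in range(1, s.years + 1)
    )


def best_by_npv(scenarios, rate: float) -> Scenario:
    """Pick the scenario with the highest NPV at the given cost of capital."""
    return max(scenarios, key=lambda s: npv(s, rate))


# Constructed figures, for illustration only.
VPN_ONLY = Scenario("VPN without 2FA", 100_000, 60_000, 30_000, 5)
VPN_2FA = Scenario("VPN with 2FA", 140_000, 60_000, 5_000, 5)

if __name__ == "__main__":
    for wacc in (0.10, 0.20):
        for s in (VPN_ONLY, VPN_2FA):
            print(f"WACC {wacc:.0%}  {s.name:16}  "
                  f"ROI {simple_roi(s):6.1%}  NPV {npv(s, wacc):>10,.0f}")
        print("  optimal:", best_by_npv([VPN_ONLY, VPN_2FA], wacc).name)
```

With these numbers the VPN without 2FA shows a 50% ROI at either rate, yet its NPV turns negative once the cost of capital reaches 20%, which is the information the undiscounted ratio hides.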
