Presentation is loading. Please wait.

Presentation is loading. Please wait.

Return On Security Investment Taz Daughtrey Becky Neary James Madison University EDUCAUSE Security Professionals Workshop May 18, 2004 Copyright Taz Daughtrey.

Published byTracey Goodman Modified over 9 years ago

Similar presentations

Presentation on theme: "Return On Security Investment Taz Daughtrey Becky Neary James Madison University EDUCAUSE Security Professionals Workshop May 18, 2004 Copyright Taz Daughtrey."— Presentation transcript:

1 Return On Security Investment Taz Daughtrey Becky Neary James Madison University EDUCAUSE Security Professionals Workshop May 18, 2004 Copyright Taz Daughtrey 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

2 Return On Security Investment Taz Daughtrey Associate Director Becky Neary Student Assistant Institute for Infrastructure and Information Assurancewww.jmu.edu/iiia James Madison University Harrisonburg, Virginia

3 R eturn O n S ecurity Investment Investment

4 A SSETS T HREATS V ULNERABILITIES C OUNTERMEASURES I NVESTMENTS E VALUATION A SSETS C OUNTERMEASURES T HREATS I NVESTMENTS V ULNERABILITIES E VALUATION

5 C ONFIDENTIALITY : Preserving authorized restrictions on access and disclosure. I NTEGRITY : Guarding against improper modification or destruction A VAILABILITY : Ensuring timely and reliable access and use FIPS PUBLICATION 199, Standards for Security Categorization of Federal Information and Information Systems Achieving Security Objectives

6 A loss of confidentiality is the unauthorized disclosure of information. A loss of integrity is the unauthorized modification or destruction of information. A loss of availability is the disruption of access to or use of information or an information system. FIPS PUBLICATION 199, Standards for Security Categorization of Federal Information and Information Systems Not Achieving Security: Consequences

7 Return Return Return On Investment = --------------- Investment Investment

8 Benefit Benefit R O I = --------------- Cost Cost

9 “How much to spend?” “Where to spend it?” R eturn O n S ecurity I nvestment I nvestment

10 Risk Management Risk Exposure = Probability of occurrence X Consequence of occurrence

11 Risk Management Risk Avoidance  reducing probability of occurrence of occurrence Risk Mitigation  reducing consequence of occurrence

12 Risk Avoidance X Consequence of occurrence Risk Exposure = Probability of occurrence

13 Before Risk Avoidance

14 After Risk Avoidance

15 Risk Mitigation Risk Exposure = Probability of occurrence X Consequence of occurrence

16 Before Risk Mitigation

17 After Risk Mitigation

18 Return Return Return On Investment = --------------- Investment Investment

19 Reduction in Risk Exposure Reduction in Risk Exposure R O S I = ---------------------------------- Investment in Countermeasures Investment in Countermeasures

20 Costs of achieving security COST OF SECURITY Costs of not achieving security  Prevention  Appraisal  Detection  Containment  Recovery  Remediation

21 Pay me now, or pay me later "A small security review up front might cost $100,000, while an emergency response to an incident after the fact could run $350,000 to $500,000.".

22 Return on Security Investment breaches

23 Return on Security Investment exploited vulnerability

24 Return on Security Investment known vulnerabilities exploited

25 Return on Security Investment known vulnerabilities unexploited exploited

26 Return on Security Investment known vulnerabilities = 2437 exploited According to one study, last year … = 50 2%

27 Return on Security Investment known vulnerabilities = 4200 exploited According to another source … = 16 Less than half of 1%

28 “How much to spend?” “Where to spend it?” R eturn O n S ecurity I nvestment I nvestment

29 Conclusion We all face a real and growing threat to our critical infrastructures We all face a real and growing threat to our critical infrastructures Best defensive approaches combine attention to cyber and physical aspects Best defensive approaches combine attention to cyber and physical aspects Significant achievements can be orchestrated through collaborations Significant achievements can be orchestrated through collaborations

30 Return On Security Investment Taz Daughtrey James Madison University 540 568 2778 daughtht@jmu.edu

Download ppt "Return On Security Investment Taz Daughtrey Becky Neary James Madison University EDUCAUSE Security Professionals Workshop May 18, 2004 Copyright Taz Daughtrey."

Similar presentations

Campus Video Services Alliance: A Strategic Partnership and Its Effects Copyright Jim Duncan and Molly Langstaff 2004. This work is the intellectual property.

Campus Video Services Alliance: A Strategic Partnership and Its Effects Copyright Jim Duncan and Molly Langstaff This work is the intellectual property.
What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.

What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Supporting and Hosting Web- Based Learning Systems Educause 2001 Charlene Douglas – Director Kathryn Gomm - Training Manager Sharon McCarrager – Accessibility.

Supporting and Hosting Web- Based Learning Systems Educause 2001 Charlene Douglas – Director Kathryn Gomm - Training Manager Sharon McCarrager – Accessibility.
NEW REVENUES AND ACADEMIC VALUES: OLD AND NEW CHALLENGES IN HIGHER EDUCATION David Ward President American Council on Education Chancellor Emeritus, University.

NEW REVENUES AND ACADEMIC VALUES: OLD AND NEW CHALLENGES IN HIGHER EDUCATION David Ward President American Council on Education Chancellor Emeritus, University.
Copyright (Diana Stuart Sinton, 2005). This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright (Diana Stuart Sinton, 2005). This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
Copyright Sue R. Bauer, Ed.D. 2006. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Sue R. Bauer, Ed.D This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Associated Colleges of the South The Orpheus Alliance A Music Collaborative: Phase II Educause Midwest Regional Conference March 25, 2003, Chicago Patricia.

Associated Colleges of the South The Orpheus Alliance A Music Collaborative: Phase II Educause Midwest Regional Conference March 25, 2003, Chicago Patricia.
Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.
Security Awareness: Taking the Medicine and Liking It Shirley C. Payne Director for Security Coordination University of Virginia EDUCAUSE Conference October.

Security Awareness: Taking the Medicine and Liking It Shirley C. Payne Director for Security Coordination University of Virginia EDUCAUSE Conference October.
1 Institutions as Allies in the Security Challenge Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush, James Madison.

1 Institutions as Allies in the Security Challenge Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush, James Madison.
Center for Instructional Technology James Madison University Strategies for Transitioning to the Age of Digital Media Sarah E. Cheverton James Madison.

Center for Instructional Technology James Madison University Strategies for Transitioning to the Age of Digital Media Sarah E. Cheverton James Madison.
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
1 Fighting Back With An Alliance For Secure Computing And Networking Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush,

1 Fighting Back With An Alliance For Secure Computing And Networking Wayne Donald, Virginia Tech Cathy Hubbs, George Mason University Darlene Quackenbush,
The Team Approach: A Paradigm Shift for Designing Successful Online Courses NERCOMP 2005 College for Lifelong Learning, Manchester, NH.

The Team Approach: A Paradigm Shift for Designing Successful Online Courses NERCOMP 2005 College for Lifelong Learning, Manchester, NH.
EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.

EDUCAUSE April 25, 2006Enforcing Compliance with Security Policies … Enforcing Compliance of Campus Security Policies Through a Secure Identity Management.
Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.
Creating A More Educated Georgia Plagiarism Detection: Is Technology the Answer? USG Surveys 2003-2007 Liz Johnson Project Manager Advanced Learning Technologies.

Creating A More Educated Georgia Plagiarism Detection: Is Technology the Answer? USG Surveys Liz Johnson Project Manager Advanced Learning Technologies.

Similar presentations

Ads by Google