IntaPeople News
New metric created for IT leaders chasing security funds - 17/08/2010
Research company Ponemon Institute has devised a new metric aimed at helping IT departments justify security spend.
The Institute took action after discovering that security and data protection are frequently under-funded within UK businesses, as IT managers struggle to adequately demonstrate a return on investment (ROI).
It has subsequently created a new metric called ‘return on prevention’ (ROP), which takes into account the real benefit of technologies and practices in preventing cyber attacks. The ROP also takes into account the potential cost of implementing security technology across a business.
A poll of over 400 IT security managers by the Institute gave anti-virus and anti-malware the highest ROP out of 25 security technologies, followed by endpoint security systems, web application firewalls and policy enforcement tools.
Larry Ponemon, chairman and founder of the Ponemon Institute, said that the ROP model should “make it easier for IT and IT security practitioners to make the business case for acquiring enabling security technologies and related control activities”.
Code review tools, log management systems and access governance systems were given the lowest scores, though the report stressed that this reflected not their efficiency but their cost in comparison to similar practices.