Expert Advice Community

Guest

ROSI - interpreting calculated value

  Quote
Guest
Guest user Created:   Nov 20, 2020 Last commented:   Nov 20, 2020

ROSI - interpreting calculated value

Hi I wonder how I should Think when i calculate my ROSI value . If I receive a positive value I should invest in that security correction and if I receive a negative value I should not invest. Have I understood it right?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 20, 2020

First is important to note that the interpretation will depend on how the formula considers the incident costs and security control costs.

For example, in the formula:

ROSI = cost of a realized incident - the cost of needed security controls

the results can be interpreted as you said (i.e., a positive result means that the implementation of security controls is worthy, and a negative result means the implementation is not worthy).

In case the formula is:

ROSI = cost of needed security controls - the cost of a realized incident

The results interpretation would be inverse.

These articles will provide you a further explanation about ROSI:

This material can also help you:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 20, 2020

Nov 20, 2020