Think Tank | Demonstrating Return on Security Investment


Demonstrating Return on Security Investment

Think Tank - 11:35 am - 12:00 pm

Many (most?) companies are investing in cyber security.  

Dynamic internal and external landscapes (including threats) require a level of investment to 'stand still' and prevent degradation (i.e. increased risks).  Improving capability to defend against the threats requires even more.

Justification for investment is self-evident to security professionals sponsoring it but often less so to Executive Boards.  How do you explain 'what they will get for the money' - benefits, not widgets? In short, how do you demonstrate return on investment?

Beyond the well-crafted words about better protection and risk reduction, how do you quantifiably measure the predicted and actual benefits in a way that can be consumed and understood by those key decision makers?

This presentation will:

  • Share an approach that has worked well within RSA - from Executives to Internal Audit
  • Explain how we've used it to measure and communicate actual and predicted benefits
  • Explain how we've used it to prioritise some of our investment

Presented by:

Phillip Gregory, Director, Cyber Resilience Programme, RSA Group