Return on Security Investment (ROSI) . This discussion item is part of the Analysis of Alternatives exercise. Your CISO has asked you to lead a Brown Bag lunch discussion about the costs and benefits of investments in security technologies. The reading assignment for this discussion is: Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security. You have been asked to prepare a short discussion paper to be used to spark discussion amongst the attendees. Your paper must address the following: What is the ROSI calculation? How is it used to evaluate cybersecurity technologies? What are the limitations of this metric? How can this metric be used to evaluate one or more of the technologies selected for study? (refer back to Week 6) Post your three to five paragraph short paper as a response to this discussion topic. Include APA format citations and references as appropriate to the information used and the sources from which you obtained that information. Reference European Network and Information Security Agency. (2012). Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security. Heraklion, Crete, Greece: Author. Retrieved from

    Return on Security Investment

    ROSI Calculation

    ROSI calculation is an evaluation used by both private and public organizations to identify the potential loss which be saved through a particular security investment. The calculation involves differentiating the monetary value that an investment has with monetary value that is involved in risk reduction.  Quantitative risk assessment is used in estimating the risk of the monetary value (UcedaVelez, 2008). The ROSI calculation brings together the cost of implementing a particular security and the quantitative risk assessment so as to compare the annual loss expectancy with the loss that is expected to be saved.

    Cybersecurity Technologies

    Cybersecurity has become a major concern with organization adopting technologies that prevent data loss and damage. The