Return on Security Investment (ROSI)

This discussion item is part of the Analysis of Alternatives exercise. Your CISO has asked you to lead a Brown Bag lunch discussion about the costs and benefits of investments in security technologies. The reading assignment for this discussion is: Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security.

You have been asked to prepare a short discussion paper to be used to spark discussion amongst the attendees. Your paper must address the following: What is the ROSI calculation? How is it used to evaluate cybersecurity technologies? What are the limitations of this metric? How can this metric be used to evaluate one or more of the technologies selected for study? (refer back to Week 6)

Post your three to five paragraph short paper as a response to this discussion topic. Include APA format citations and references as appropriate to the information used and the sources from which you obtained that information.

Reference

European Network and Information Security Agency. (2012). Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security. Heraklion, Crete, Greece: Author. Retrieved from

    Return on Security Investment

    ROSI Analysis

    ROSI analysis is an evaluation used by both private and public organizations to determine the potential loss that can be saved through a given security investment. The analysis involves comparing the monetary value of an investment with the monetary value involved in risk reduction. The excess risk cost is used in estimating the risk to that monetary value (UcedaVelez, 2008). The ROSI analysis brings together the cost of implementing a given security measure and the excess risk cost so as to compare the annual loss exposure with the loss that is expected to be saved.

    Cybersecurity Technologies

    Cybersecurity has become a major concern, with organizations adopting technologies that prevent data loss and damage. The ROSI analysis can be used to evaluate the technologies being applied in cybersecurity by indicating how much an organization should pay for that cybersecurity. The analysis also indicates whether the security technologies are sufficient to minimize expected losses. Through the ROSI analysis, decision makers are able to determine the benefits and gains from the technologies, together with the losses incurred if the security is not implemented.

    Limitations of ROSI Analysis

    The ROSI analysis relies primarily on estimation, which is a major disadvantage if wrong estimates are made about potential losses. Estimating the true cost of cybersecurity using ROSI is difficult because incidents that threaten data loss vary from one environment to another. The estimation can also be easily manipulated by users to suit their own interests, thus putting information at risk. ROSI analysis of cybersecurity technologies uses the Gordon and Loeb model, which depends on approximation and therefore carries a high risk of inaccuracy (UcedaVelez, 2008).
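    The dependence on estimates described above can be made concrete. The following is an added example, not part of the original paper: it uses the ROSI formula from the ENISA (2012) paper in the reference list, evaluated over low and high estimates instead of a single point value. The function names and all figures are constructed assumptions.

```python
from itertools import product

def ale(sle, aro):
    """Annual loss expectancy = single loss expectancy x annual rate of occurrence."""
    return sle * aro

def rosi(sle, aro, mitigation_ratio, solution_cost):
    """ROSI = (ALE * mitigation ratio - solution cost) / solution cost."""
    if solution_cost <= 0:
        raise ValueError("solution_cost must be positive")
    if not 0.0 <= mitigation_ratio <= 1.0:
        raise ValueError("mitigation_ratio must be between 0 and 1")
    return (ale(sle, aro) * mitigation_ratio - solution_cost) / solution_cost

def rosi_range(sle_est, aro_est, mitigation_est, solution_cost):
    """Return (lowest, highest) ROSI over (low, high) estimates of each input.

    For non-negative inputs ROSI rises with every estimate, so the extremes
    sit at the corners of the ranges and checking all eight is enough.
    """
    corners = [rosi(s, a, m, solution_cost)
               for s, a, m in product(sle_est, aro_est, mitigation_est)]
    return min(corners), max(corners)

def verdict(low, high):
    """Say whether the investment decision survives the estimate uncertainty."""
    if low > 0:
        return "justified across the whole estimate range"
    if high < 0:
        return "not justified anywhere in the estimate range"
    return "inconclusive: the sign of ROSI depends on which estimate is right"

if __name__ == "__main__":
    # Constructed figures for a hypothetical control; not taken from the page.
    cost = 25_000
    point = rosi(sle=20_000, aro=5, mitigation_ratio=0.8, solution_cost=cost)
    low, high = rosi_range((10_000, 30_000), (1, 5), (0.5, 0.9), cost)
    print(f"point estimate ROSI: {point:.0%}")
    print(f"ROSI range: {low:.0%} to {high:.0%}")
    print(verdict(low, high))
```

    With these constructed inputs the point estimate looks strongly positive, while the range runs from a loss to a large gain, which is the weakness the paragraph above describes.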

    Evaluation of Technologies

    The ROSI analysis can be used to evaluate technologies such as big data by indicating the amount of security needed to protect the data. The analysis also shows the potential loss that can be incurred if the big data is compromised. Given the high volume and nature of big data, ROSI illustrates the security investment required and whether the amount being paid is worth it.



    European Network and Information Security Agency. (2012). Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security. Heraklion, Crete, Greece: Author. Retrieved from

    UcedaVelez, T. (2008). What’s the return on your security investment? Journal of Corporate Accounting & Finance, 19(5), 61-67.