ROI is simply a term people use to express value. It is unlikely that an enterprise security professional will have a choice to dictate what term is used to their CFO or other financial folks.
The SANS paper conflates security ROI (about reduced cost) and ROSI (about reduced risk). More here:
http://spiresecurity.typepad.com/spire_security_viewpoint/2009/02/setting-the-record-straight-on-roi-in-security.html

Regards,

Pete

Pete Lindstrom
Research Director
Spire Security
610-644-9064
blog: http://spiresecurity.typepad.com

> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Martin Roesch
> Sent: Friday, February 27, 2009 1:47 PM
> To: Ravi Chunduru
> Cc: Focus IDS
> Subject: Re: ROI on IDS/IPS products
>
> Bejtlich does lots of writing around security ROI and whether ROI is
> even an appropriate term when applied to security spending. Try this
> link and have a read.
>
> http://taosecurity.blogspot.com/search?q=roi
>
> Marty
>
> On Fri, Feb 27, 2009 at 12:08 PM, Ravi Chunduru
> <[email protected]> wrote:
> > I was talking to a junior security administrator working for a big
> > telecom company. He said something which is worrying. After a few
> > years of IPS deployment in a particular department, they decided to
> > remove IPS devices. It was felt that they did not find enough ROI to
> > justify 2 dedicated personnel to monitor and analyze IDS/IPS logs and
> > reports. It appears that no major incidents were detected by network
> > IPS devices. They felt that signature coverage is either poor or not
> > timely. I also was told that these IPS devices are from industry
> > leaders.
> >
> > Can you share your experiences? Any examples of successful detection
> > and prevention of major attacks and penetration by IPS devices?
> >
> > Thanks
> > Ravi
>
> --
> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
> Sourcefire - Security for the Real World - http://www.sourcefire.com
> Snort: Open Source IDP - http://www.snort.org
