The Necessity of Determining IT Security ROI

Apr 1, 2008 07:34

Sam Miller


For many business organizations, beefing up their IT resources is a necessity. Because of the high costs that are often associated with such undertakings, determining IT security ROI is just as important for company executives.


It is undeniable that IT information security now ranks among the highest priorities of business organizations. Determining IT security ROI is an important aspect of this company investment.

Richard Clarke, former IT security adviser of the White House, was once quoted as saying, "If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked." This statement is supported by a spending survey conducted by Morgan Stanley IT, which revealed that IT security is now the top priority of many business organizations. Moreover, it is now touted as more important than increasing network capacity, integrating enterprise applications and installing Customer Relationship Management (CRM) software. Despite this, many company managers are still reluctant to adopt IT security measures because of the high costs involved. In fact, many see the need to calculate the ROI of IT security before even considering and approving such an expenditure.

To make matters more complicated, computing IT security ROI is not as easy as determining other metrics, because the benefits of a highly secured information technology network are often not quantifiable. Oftentimes, company executives fail to see and acknowledge the benefits they enjoy from avoiding a damaging security breach. Recognizing the intangible benefits of IT security can be very useful for managers in making decisions regarding future business plans and investments.

A simple approach to determining IT security ROI is to identify the benefits and costs of an IT security investment. These should be placed in two columns, one documenting its pros and the other identifying its cons. Each item can be assigned a value to make assessment easier, and the items can then be ranked by comparing their numerical weights. A few of the benefits that companies can gain are increased productivity, risk reduction, company credibility, savings in employee salaries, as the number of employees can be minimized as a result of an IT security project, and savings in annual operating costs due to the prevention of security breaches.

Meanwhile, the costs or cons column may include expenses in software implementation, productivity loss during the initial implementation stage, and expenses derived from reengineering business processes and internal change management. In addition, to attain IT security access, new IT security policies should be supported by the management. Moreover, internal users or employees should strictly conform to these security policies. Designing an IT disaster recovery plan is also an important factor to be considered when beefing up IT security. Individuals with IT knowledge and expertise should be pre-assigned to recovery teams to avert any disaster.

Business organizations have the option of hiring third parties to help them assess IT security ROI. However, this should be done with caution, as most of these groups, particularly software vendors, have an optimistic perspective to lure potential customers. Instead, company executives should exercise due diligence by being critical in assessing vertical estimates and by always looking at worst-case scenarios.