Abstract:
"The return on security investment has become a qualification of an equation that has not been explored adequately. A common problem faced by cyber security professionals is that they fail to accurately show their cost vs. reward after or before implementing security controls. The Cyber Security industry has been accused in the past of selling an asteroid insurance that may never realise. A lot of companies who have cyber security controls assume that they may never be breached, keeping the statement “ignorance is bliss” true to its worthiness. But once a breach is reported, the victims have no other option but to tighten up their security measures by resorting to post-breach exposure analysis. This study is focused on giving a helping hand to the cyber security managers of a company to effectively manage the cyber security solutions by measuring the return on security investment, thereby helping to prevent breaches and attacks before an incident occurs.
An extensive investigation has been carried out and a testbed/framework has been developed to calculate the return on security investment. This framework also contains links to a structured guideline which will assist the users to assess the risk levels once the framework is implemented."