Will ROI of Security Ever Stop?
January 24th, 2007 by datasecurity Posted in Compliance
Mike Rothman wants the discussion of ROI of compliance to die. He says that:
The major benefit of compliance is in not getting hacked? That’s ridiculous. The benefit of compliance is in making your auditors go away and ensuring you won’t end up like our friends at TJX.
Comments like this make my eyes stretch wide. Make your auditors go away? Sounds like someone “had a bad experience”. I agree with Mike that “Strong security will give you compliance”, but isn’t this another way of saying “don’t get hacked”?
Getting hacked is a big thing when it comes to credit card data compromises. It means:
- Fines and penalties
- Potential restriction from accepting credit cards
- Class action lawsuits
- Federal Trade Commission (FTC) intervention
- Issuer cost recovery fines
- Forensic costs
- Compliance remediation costs
That is… just to name a few.
Update: ISACA’s “Return on Security Investment (ROSI)”