Can ROI on security be measured?
In the corporate environment, every purchase needs to be explained in terms of its return on investment (ROI). While ROI in most cases is tangible and can be accounted for, how does one handle this question when procuring security solutions? We took the viewpoint of our respondents on whether it can be measured and how they justify ROI on security purchases to their CEOs.
The respondents were equally divided on ROI on security. Half of the respondents said ROI on security could not be measured, while the remaining half said it can be measured through various methods. “ROI on security in tangible terms is measurable. We need a means for proving that the Rupee spent today is saving Rs1+X tomorrow or, in other words, an appreciable return on security investment. We need to calculate information asset value; collect/analyze recurring security spending; collect/analyze incident costs and compare spending changes with new threat/risk assumptions to get the ROI,” says KB Singh, Head-IT, Reliance Energy Ltd.
“ROI is essentially an abstract concept as far as security is concerned. I personally would like to take the measurements of ROI on security with a pinch of salt,” opines Subhash Palav, general manager – IT, HPCL.
Do CIOs need to justify ROI on security to their CEOs? Around 40 per cent of the CIOs said they do need to justify it, but the majority, 60 per cent, said that no such justification is sought. According to Sunil Gupta, Sr. Manager (IS) and CIO, Ministry of Steel, Government of India, “There is no need to justify investment in security; information needs to be secured at all costs.”

“Any business project or initiative has to be justified prior to implementation. Some are hygiene projects, some are absolutely essential to carry on business, and some need justification and, upon meeting business rules, get implemented. Security projects follow the same path,” opines RV Ashok, GM-IS, Sundaram - Clayton Ltd.
Role of people, processes and policies in making or breaking security
Can we say we are totally secure just by installing security solutions? No, said all respondents: deploying security solutions is only the first step of the entire security initiative in an enterprise. It has to be followed by employee awareness and training, and by robust security policies and processes.
“People are a key resource in making or breaking security; their participation and honest feedback will help us improve security measures. Robust security policies are key to sustaining the growth and success of an enterprise,” opines Jayatirtha Rao, Head-IT, Automotive Axles Ltd.
“Security measures consist of various processes to be followed. These processes need to be reviewed continuously for improvement. Benchmarking regularly also helps in sealing gaps. A robust process with continuous improvement initiatives goes a long way in improving security,” says T G Dhandapani, CIO, Sundaram - Clayton Ltd.
“Robust policies indicate the seriousness of an organization about security initiatives and make employees committed to the implementation of information security within an organization. This will also ensure positive participation from all employees. Thus we feel and subscribe to robust policies,” says CS Murthy, Chief of Information Management, Tata Ryerson.
Employee awareness and commitment
People, processes and policies play a critical role. How are employees educated about the importance of security in the organization and the various security policies that have been formulated?
Most of the organisations run awareness and training programs for their employees on a regular basis to keep them up to date with the various security initiatives and policies. About 10 per cent said that they are contemplating having such programs in the near future.
“We have identified IT Security Policy (ITSP) co-ordinators, who are educated on various aspects of Security Policy Implementation and are made responsible for imparting the necessary knowledge to others in the department. These co-ordinators are also the single point of contact for adherence to the Security Policy in various departments. Any default in adherence to the Security Policy is considered a serious offense. We are in the process of finalizing the penalty action also,” says Subhash Patil, System Manager, Kalyan Dombivli Municipal Corporation.
Intranets, in-house journals, posters, letters and competitions are the most commonly adopted means of building employee awareness across several verticals.