This discussion item is part of the Analysis of Alternatives exercise.
Your CISO has asked you to lead a Brown Bag lunch discussion about the costs and benefits of investments in security technologies. The reading assignment for this discussion is: Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security.
You have been asked to prepare a short discussion paper to be used to spark discussion amongst the attendees. Your paper must address the following:
What is the ROSI calculation?
How is it used to evaluate cybersecurity technologies?
What are the limitations of this metric?
How can this metric be used to evaluate one or more of the technologies selected for study?