ROI of IT Security

New Qualitative Model Helps Measure Security Risk Reduction

By Phebe Waterfield

We estimate that adding the vulnerability assessment service will increase the effectiveness of our confidentiality, integrity and availability controls by 10 percent. This translates to a 10 percent reduction in the number or severity of reported vulnerabilities or a 10 percent reduction in downtime.


Qualitative methods are the simplest form of risk analysis. Their advantage is how quickly and easily they provide a result. Qualitative risk analysis accepts the subjectivity of risk analysis, and doesn't require precise asset values.

In our example, we identified opportunities for risk reduction and achieved an understanding of our current state. We can continue to refine the estimates for potential loss, taking into account the probability that a particular risk will occur and the actual costs associated with it. A qualitative approach is valuable because it provides an intuitive sense of the risks and directly correlates risks with mitigating controls. This method of ROR calculation is unique because it pinpoints the security metrics we can later use to verify our decision.
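As an added illustration of the qualitative approach described above (example code, not the article's own method), the following Python assumes three-level ordinal likelihood and impact scales, maps each risk to the control family that mitigates it, applies an estimated effectiveness gain per family, and turns that estimate into the verification metrics the text mentions (reported vulnerabilities, downtime). All risks and figures are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Ordinal scales only: no precise asset values are needed (assumed three levels).
LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Risk:
    name: str
    control: str      # mitigating control family: confidentiality, integrity or availability
    likelihood: str   # one of LEVELS
    impact: str       # one of LEVELS

    def score(self) -> int:
        """Qualitative exposure: likelihood x impact, on a 1..9 scale."""
        return LEVELS[self.likelihood] * LEVELS[self.impact]


# Constructed sample register; each risk is tied to the control family that mitigates it.
SAMPLE_RISKS = [
    Risk("unpatched internet-facing server", "integrity", "high", "high"),
    Risk("credential leak", "confidentiality", "medium", "high"),
    Risk("denial-of-service outage", "availability", "medium", "medium"),
    Risk("unauthorised record change", "integrity", "low", "high"),
]


def reduction_by_control(risks, gains):
    """Exposure before/after per control family. `gains` maps a family to the
    estimated fractional increase in its effectiveness (0.10 = the article's 10 percent);
    families not listed gain nothing."""
    before, after = defaultdict(int), defaultdict(float)
    for r in risks:
        before[r.control] += r.score()
        after[r.control] += r.score() * (1.0 - gains.get(r.control, 0.0))
    return {c: (before[c], round(after[c], 2)) for c in before}


def total_reduction(risks, gains) -> float:
    """Fraction of the whole portfolio's qualitative exposure removed by the change."""
    per = reduction_by_control(risks, gains)
    before = sum(v[0] for v in per.values())
    after = sum(v[1] for v in per.values())
    return round((before - after) / before, 4) if before else 0.0


def verification_targets(baseline, gains):
    """Turn the estimate into checkable metrics: each baseline figure (tagged with
    the control family it reflects) should drop by that family's estimated gain."""
    return {m: round(v * (1.0 - gains.get(fam, 0.0)), 2) for m, (fam, v) in baseline.items()}


def decision_verified(targets, observed):
    """True for each metric whose later observed value met or beat its target."""
    return {m: observed[m] <= t for m, t in targets.items()}
```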

Vendor Recommendations

Enterprise Recommendations

