24 Apr 2007
Return on Information Security Investment (ROISI), perhaps more commonly if less accurately known as ROI or ROSI, is one of those topics that is often discussed but never truly resolved. It has been declared a zombie topic on CISSPforum for that reason: we're tired of hearing the same old arguments rehashed every few months. That said, we are always open to new angles on the old saw. Master's student Adrian Mizzi took a long hard look at ROISI and wrote his thesis around it. Adrian's model involves finding an optimal investment choice by balancing three key factors: “Viability of Expenditure”, “Successfulness of Attack” and “Motivation to Attack”. Adrian's thesis has been published as a book ($37) or PDF ($25) for those who are interested in some primary and secondary research on this important topic.