Enterprise Security Workshop: (ROSI) - Return on Security Investment at CAST e.V. in Darmstadt

In this year, CAST e.V. turns to more business aspects of information security in its traditional "Enterprise Security" workshop. Often, this context is bundled under the keyword ROSI. The workshop aims to take a critical look at this controversial topic of costs and benefits from a practical perspective, a somewhat academic perspective, as well as from the viewpoint of methods and procedures.

Background:
In 1979, NIST (USA) published initial ideas for discussing IT risks and their financial impacts in the well-known FIPS 65 publication. These ideas have been widely implemented, refined, and further developed in the industry and academia in the following years. The cost consideration of IT security or information security has been highly controversial from the beginning.
Many contributions in the literature refer to the calculation of the effort for securing, that is, the defense measures, in a Return on Security Investment (ROSI) perspective. A possible loss of income for the organization is compared to the protection of the IT assets. The result then involves an estimation between the costs of a successful attack and the security costs. Many companies today follow this approach.

For more information: www.cast-forum.de