We took a look at 3 different frameworks:
One interesting statement was definitely the one about the cost of security: "Security is very expensive, it will typically cost between 20 and 60% of development effort". To justify this kind of cost, there are measurements you can use; one of them is ROSI (Return On Security Investment). There is also a pretty straightforward way to quantify risk, which works very nicely when you are working with customers in the financial or investment sector. Security implies a certain risk, so as with any other risk, you should look at the cost of getting an assurance that protects against the event in which the risk might occur.