Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Network Vulnerability Assessment

You're reading from   Network Vulnerability Assessment Identify security loopholes in your network's infrastructure

Arrow left icon
Product type Paperback
Published in Aug 2018
Publisher
ISBN-13 9781788627252
Length 254 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Sagar Rahalkar Sagar Rahalkar
Author Profile Icon Sagar Rahalkar
Sagar Rahalkar
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Vulnerability Management Governance FREE CHAPTER 2. Setting Up the Assessment Environment 3. Security Assessment Prerequisites 4. Information Gathering 5. Enumeration and Vulnerability Assessment 6. Gaining Network Access 7. Assessing Web Application Security 8. Privilege Escalation 9. Maintaining Access and Clearing Tracks 10. Vulnerability Scoring 11. Threat Modeling 12. Patching and Security Hardening 13. Vulnerability Reporting and Metrics 14. Other Books You May Enjoy

Calculating ROIs

Designing and implementing security controls is often seen as a cost overhead. Justifying the cost and effort of implementing certain security controls to management can often be challenging. This is when one can think of estimating the return-on-investment for a vulnerability management program. This can be quite subjective and based on both qualitative and quantitative analysis.

While the return-on-investment calculation can get complicated depending on the complexity of the environment, let's get started with a simple formula and example:

Return-on-investment (ROI) = (Gain from Investment – Cost of Investment) * 100/ Cost of Investment

For a simplified understanding, let's consider there are 10 systems within an organization that need to be under the purview of the vulnerability management program. All these 10 systems contain sensitive business data and if they are attacked, the organization could suffer a loss of $75,000 along with reputation loss. Now the organization can design, implement, and monitor a vulnerability management program by utilizing resources worth $25,000. So, the ROI would be as follows:

Return-on-investment (ROI) = (75,000 – 25,000) * 100/ 25,000 = 200%

In this case, the ROI of implementing the vulnerability management program is 200%, which is indeed quite a good justifier to senior management for approval.

The preceding example was a simplified one meant for understanding the ROI concept. However, practically, organizations might have to consider many more factors while calculating the ROI for the vulnerability management program, including:

  • What would be the scope of the program?
  • How many resources (head-count) would be required to design, implement, and monitor the program?
  • Are any commercial tools required to be procured as part of this program?
  • Are any external resources required (contract resources) during any of the phases of the program?
  • Would it be feasible and cost-effective to completely outsource the program to a trusted third-party vendor?
You have been reading a chapter from
Network Vulnerability Assessment
Published in: Aug 2018
Publisher:
ISBN-13: 9781788627252
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image