Manufacturing Business Technology, March 1, 2006
VIEWS FROM THE FRONT; Apps Protection; Pg. 6

Industry group tackles metrics for ROI on security solutions

By Staff

How to justify security investments, both on the part of software developers and companies evaluating purchases, is the focus of a new group launched late last year. The Application Security Industry Consortium (AppSIC) is going after the thorny issue of ROI on security practices for the full development life cycle, an issue that has proven difficult to quantify for individual companies.

"We have two specific goals: to provide metric guidance, and deliver a methodology for evaluating platform and application security," says Herbert Thompson, chairman of AppSIC, and chief security strategist for technology and services provider Security Innovation, a member of the consortium.

"Among the challenges are to show value for security activities when we're building software, and to show customers how to determine value when they're buying," continues Thompson. "For the vendors, it's about determining whether adding a security feature will positively impact the end quality of security; that is, what is our ROI? The analyst community asks the same thing: how do we know what platforms and systems to recommend regarding security?"

AppSIC members include representatives from Microsoft, SAP, Oracle, Red Hat, Gartner, and the Florida Institute of Technology, among others. The group will map security measures to business needs, as well as the issues that CEOs and CIOs care about. AppSIC also hopes to elevate discussion above the use of mere scare tactics for justifying investments. The first set of deliverables includes white papers on best practices, and a set of questions user companies should ask when evaluating software purchases.

"We're trying to get people to understand security associated with software applications," says Charles Kolodgy, research director with Framingham, Mass.-based IDC, and an AppSIC member. "As perimeter security has improved, and as people deploy more defenses in different areas, hackers have decided to attack applications much more than they used to. We're attempting to assess the risk of applications and find meaningful metrics for security."

Doug Jacobson, director of the Iowa State University Information Assurance Center, concurs. "Security is like insurance: it's hard to justify," he says. "AppSIC is bringing that to the forefront by seeking models that IT people can use to demonstrate potential ROI. This would go a long way toward making applications more secure."