Comsec Consulting, a European market leader in information security consulting services, today announced the availability of a specially designed Security Cost Analysis Tool (S.C.A. Tool), to assist in the identification and assessment of the value of security controls and countermeasure investments.
In the process of developing our S.C.A, says Stuart Okin, managing director, Comsec Consulting UK. Tool, weve been surprised by the number of companies who simply have no idea of their security spend. With such scrutiny surrounding every area of an enterprises operation, defining this cost and of course the associated value is vital. Our research has revealed that security leaders estimate that they could be spending between 0.01% to a staggering 6% of revenue on security, when considering information and physical security, as well as fraud detection, prevention and investigation.
The S.C.A. Tool is a unique application, developed in-house by Comsec Consulting, which has been created specifically to enable organisations to identify their overall expenditure on security and to establish whether this investment is effectively meeting their business security requirements.
The Tool assists the enterprise in structuring an approach to gather all the information needed to calculate security costs and risk value, within three primary areas; people and processes, technology and physical controls. The database behind the tool allows analysis of 560 individual parameters which affect over 50 different security control groups, as well as identifying 19 different types of enterprise breach and fraud abuse scenarios. The S.C.A. Tool can be individually customised and is able to provide a clear picture of spend, process and efficiency of an organisations security controls and countermeasures.
The Tool is pre-populated with information gathered from Comsecs experience, as well as publicly available sources of data, which allows the security professional to generate a quick first cut model of potential spend and risk. In combination with Comsecs security methodology, the data is fine tuned with information gathered from different parts of the enterprise. This assists in determining security spend, identifying where duplication or redundant controls lie and details the business impact of security breach losses and internal fraud losses.
D.C.