May 14, 2015 12:33:00 PM

Risk Math for Security Investments

Recently, Anup Ghosh wrote an excellent post on optimizing security investments against the kill chain. However, one line stood out for me that I think requires a deeper look.

Anup writes "the incident response dollar... is equivalent to one million times an equivalent prevention dollar."

I would argue that this statement is a stretch based on risk math. The equation for risk (from a Bayesian perspective) is often referred to as:

