go to NIST home page go to CSRC home page go to Focus Areas page go to Publications page go to Advisories page go to Events page go to Site Map page go to ITL home page CSRC home page link
header image with links

  ROSI Home page
 
  June 30, 2003
  IT Security Capital Investment
  Planning Workshop
 
  June 4, 2003
  IT Security Capital Investment
  Planning Workshop
 
  Submit ROSI Ideas
 

  CSRC Pages

  -  CSRC Homepage
  -  ICAT Vulnerability Database
  -  Vulnerability/Threat Advisories
  -  Site Map
  -  Virus Information

  Search CSRC

  Search:  


  Search Vulnerability
      Archive
     Enter vendor, software, or keyword
   
   
Return on Security Investment (ROSI) image
IT Security Capital Investment Planning

Update as of July 28, 2004

As most computer security professionals are aware, making the case to invest in computer security is difficult at best. Defining clearly the internal rate of return for each computer security investment is critical for all organizations to be able to invest properly in specific computer security implementations.

But, what constitutes appropriate inputs for IT Security Capital investment planning? How is the process approached? What is the most effective way to integrate security into the process?

NIST has developed a draft guideline for Federal agencies to use to support successful integration of security into the capitol investment planning process.

NIST Comments on the draft are requested by August 12th to: sec-cpic@nist.gov . The draft guideline is available in .PDF format.

July 7, 2004 - DRAFT Special Publication 800-65, Integrating Security into the Capital Planning and Investment Control Process. Adobe.PDF File (3340 KB)
 :
Last updated: August 3, 2004
Page created: April 16, 2002
Disclaimer Notice & Privacy Policy
Send comments or suggestions to webmaster-csrc@nist.rip
NIST is an Agency of the U.S. Commerce Department's Technology Administration