Reference document: 'risk management in environment production and economy part 9'

7

A Comprehensive Risk Management Framework for Approaching the Return on Security Investment (ROSI)

Elvis Pontes, Adilson E. Guelfi, Anderson A. A. Silva and Sérgio T. Kofuji
Laboratory of Integrated Systems, Polytechnic School at the University of São Paulo, Brazil

1. Introduction

To design cost-effective security strategies, organizations need practical and complete frameworks for security and risk management (RM), with methods for measuring and managing risks within organizations. In recent years, computer systems have become more present in all economic fields, improving activities in industry, commerce, government and research areas. For the near future, the same growth rate of cyber technology is projected for all those areas (Federal Information Security Management Act [FISMA], 2002). On the other hand, threats to this new way of doing business are also growing significantly: hackers, computer viruses and cyber-terrorists are making headlines daily (Internet Crime Complaint Center [IC3], 2008). Consequently, security has also become a priority in all aspects of life, including business supported by computer systems (Sonnenreich et al., 2006).

Following this line of reasoning, some major points may worry researchers, technology implementers, decision makers and investors: (1) the framework to be adopted in organizations for making business secure; (2) managing security and risk levels in organizations for making business workable; (3) mainly, the return on security investment has to be measured to make business profitable. For business, when the topic is security, it is hard not to consider the associated financial aspect, as with any other costs (time, processing, electric power, throughput, etc.) (Pontes et al., 2009a, 2009b, 2009c, 2010).
However, for the decision makers it does not matter whether firewalls or soldiers are going to protect the Enterprise Resource Planning (ERP) system and/or other servers. Instead, decision makers have to be aware of the costs related to security and the consequences on the bottom line.