SQUARE Project: Cost/Benefit Analysis Framework for Information ...
SQUARE Project: Cost/Benefit Analysis Framework for Information ...
SQUARE Project: Cost/Benefit Analysis Framework for Information ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
5 Conclusions<br />
The objective of the <strong>Cost</strong>/<strong>Benefit</strong> <strong>Analysis</strong> <strong>Framework</strong> is to provide a quantifiable financial<br />
analysis framework that small companies can apply on their security improvement projects.<br />
Within this scope, we show that unmitigated risks can be translated into costs, and we<br />
demonstrate the estimation methods <strong>for</strong> calculating costs of implementation <strong>for</strong> architectural<br />
and policy recommendations. Most importantly, we show through the example of the Acme<br />
Company that small companies can obtain optimal results <strong>for</strong> improving the security of their<br />
systems and the optimal results can be achieved with reasonable reductions in Risk<br />
Exposures. The reductions in Risk Exposures in turn enable small companies to have less<br />
volatility in their Total System Value. The increase in predictability of results by<br />
implementing optimal security solutions will enable small companies to profit from security<br />
improvements and to plan <strong>for</strong> future growth.<br />
CMU/SEI-2004-TN-045 25