In the cybersecurity community, much time is spent trying to speak the language of business, in order to communicate to business leaders our problems. One way we do this is trying to adapt the concept of "return on investment" or "ROI" to explain why they need to spend more money. Stop doing this. It's nonsense. ROI is a concept pushed by vendors in order to justify why you should pay money for their snake oil security products. Don't play the vendor's game.
The correct concept is simply "risk analysis". Here's how it works.
Showing posts with label risk analysis. Show all posts
Showing posts with label risk analysis. Show all posts
Tuesday, August 22, 2017
Friday, February 01, 2013
Risk analysis v. Downtime
Amazon.com experienced an outage yesterday between 2:40 and 3:30 (pm EST). Amazon's revenue is about $5-million per hour. Does that mean Amazon lost $5-million in revenue, or will those customers just wait and come back to try again later?
Generally, it's straight lost revenue. Customers don't come back. At least, that's what large customers from diverse industries tell me.
Generally, it's straight lost revenue. Customers don't come back. At least, that's what large customers from diverse industries tell me.
Subscribe to:
Posts (Atom)