Skip to main content

Save or Share this Report

For Security & Risk Professionals

Measure Information Security Effectiveness — Information Security Economics 103

Analyze Where You Spend Your Money Using The Three R's: Readiness, Response, And Recovery

September 26, 2013

Primary author headshot

Authors

  • By Ed Ferrara
  • with Christopher McClean,
  • Thayer Frechette

Why Read This Report

This is the third in a series of reports providing new methods and guidance for the financial management of information security. For many companies, security spending and budgeting is a restatement of what was spent last year and is often represented as a percentage of total IT spending. Most organizations would benefit from a more practical method of budgeting that segments security spending into one of the three R's: readiness, response, and recovery. Doing this more accurately categorizes security spending and can help security and risk (S&R) pros allocate security resources more accurately and efficiently. For example, if a security team spends the correct amount of resources on readiness, the resources needed for response and recovery should be commensurably lower. This report explains how measuring the changes in spending for these three categories can help determine the effectiveness of your security program.

Get Access

Already a Client?

Log in to read this document.

Become a Forrester Client

Customers are the new market-makers, reshaping industries and changing how businesses compete and win. Success depends on how well and how fast you respond. Forrester Research gives you insights and frameworks aligned to your role to shorten the time between a great idea and a great outcome, helping your teams win in the age of the customer. Contact us to learn more.

Purchase Report

This report is available for individual purchase ($745 USD).

Purchase

Table of Contents

  • Measure Security Spending Using Three Broad Categories
  • Readiness, Response, And Recovery Ratios Should Dictate Spending
  • WHAT IT MEANS

  • The Three R's Will Help You Step Off The Security Hamster Wheel
  • Supplemental Material
  • Related Research Documents