ROI (Return on Investment) is the key to budgeting for any project, particularly in IT. We are a cost center in most organizations. It doesn’t have to be that way. While we may spend dollars implementing a project, we are also instrumental in saving the company money. Sometimes what seems like a mundane request from an end user, such as “The colors in this printer don’t match the other printer,” can lead to a cost savings of over 3.4 million dollars a year in overall printing costs. Wish I saw some of that… maybe a small vacation… perhaps! Other projects have a much more expensive ticket to admission, and being able to justify the cost is something you need to be equipped to deal with.

Justifying spending on an Intrusion Detection System is tough. Why? Because there are no real hard up-front savings. An IDS needs to be pitched as an insurance policy: you never know when you’re going to need it, but when you do, you’ll be glad you have it. PKI, and most encryption for that matter, works on the principle that it will take more time to crack the encryption than the protected information remains valuable. In his book, Time Based Security, author Winn Schwartau applies this concept to intrusion detection. If the time that protection mechanisms can withstand attack exceeds the time it takes to detect and effectively respond to an attack, then a system can be secured (Schwartau, 1999).
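The comparison described above can be run against an incident timeline. This is an added example, not code from the book or from this post. The symbols P, D and R, the asset names, the timestamps, the protection-time estimates and the "exposure" figure (how far detection plus response overruns protection) are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed incident timeline (sample data, not from the page): when each
# attack began, when it was detected, and when the response contained it.
INCIDENTS = [
    ("file-server", "2024-03-01T02:00", "2024-03-01T02:20", "2024-03-01T03:05"),
    ("file-server", "2024-04-11T14:00", "2024-04-11T14:50", "2024-04-11T15:30"),
    ("web-portal",  "2024-05-02T09:00", "2024-05-02T09:25", "2024-05-02T10:00"),
    ("hr-database", "2024-06-09T22:00", "2024-06-09T22:10", "2024-06-09T22:40"),
]

# Assumed protection time P per asset: how long its controls are estimated
# to withstand attack. hr-database deliberately has no estimate.
PROTECTION = {
    "file-server": timedelta(hours=2),
    "web-portal": timedelta(minutes=30),
}


def assess(incidents, protection):
    """Return per-asset worst-case D and R, P, exposure and a secured flag."""
    worst = {}
    for asset, started, detected, contained in incidents:
        t0, t1, t2 = (datetime.fromisoformat(t) for t in (started, detected, contained))
        d, r = t1 - t0, t2 - t1  # detection time D, response time R
        if d < timedelta(0) or r < timedelta(0):
            raise ValueError(f"timestamps out of order for {asset}")
        # Plan against the slowest observed detect-and-respond cycle.
        if asset not in worst or d + r > sum(worst[asset], timedelta(0)):
            worst[asset] = (d, r)

    report = {}
    for asset, (d, r) in worst.items():
        p = protection.get(asset)
        if p is None:
            # Without an estimate of P the comparison cannot be made.
            report[asset] = {"D": d, "R": r, "P": None, "exposure": None, "secured": False}
            continue
        # Exposure: how long an attacker outlasts protection before containment.
        exposure = max(timedelta(0), d + r - p)
        report[asset] = {"D": d, "R": r, "P": p, "exposure": exposure, "secured": p > d + r}
    return report


if __name__ == "__main__":
    for asset, row in assess(INCIDENTS, PROTECTION).items():
        print(asset, {k: str(v) for k, v in row.items()})
```

For the budget conversation, the exposure column shows where faster detection shortens D enough to bring an asset back under its protection time.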

Resources:

Schwartau, W. (1999). Time Based Security. Interpact Press.