How is it used to evaluate cybersecurity technologies?

This discussion item is part of the Analysis of Alternatives exercise.

Your CISO has asked you to lead a Brown Bag lunch discussion about the costs and benefits of investments in security technologies. The reading assignment for this discussion is: Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security.

You have been asked to prepare a short discussion paper to be used to spark discussion amongst the attendees. Your paper must address the following:

What is the ROSI calculation?
How is it used to evaluate cybersecurity technologies?
What are the limitations of this metric?
How can this metric be used to evaluate one or more of the technologies selected for study? (refer back to Week 6)
Post your three to five paragraph short paper as a response to this discussion topic. Include APA format citations and references as appropriate to the information used and the sources from which you obtained that information.

Reference

European Network and Information Security Agency. (2012). Introduction to Return on Security Investment: Helping CERTs assessing the cost of (lack of) security. Heraklion, Crete, Greece: Author. Retrieved from https://www.enisa.europa.eu/activities/cert/other-work/introduction-to-return-on-security-investment/at_download/fullReport