- The Open Group Architectural Framework (TOGAF)
- Federal Enterprise Architecture (FEA) Framework
  For example, FEA Reference Models (RMs):
  - Performance Reference Model (PRM)
  - Business Process Reference Model (BRM)
  - Service Components Reference Model (SRM)
  - Technical Reference Model (TRM)
  - Data Reference Model (DRM)
12.7 ROI Framework
Return on investment boils down to two basic perspectives: revenue and cost. A
business function, technology, security service, or IA mechanism contributes to
either the sustainment or increase of revenue, or the decrease or avoidance of cost.
Showing a positive ROI is an objective representation of business value. The IA
instance of ROI is return on security investment (ROSI). Any business endeavor
includes risk. Security addresses business risk. The challenges are to:
- Identify risk
- Quantify risk
- Manage risk via:
  - Share, e.g., interorganization cooperative (co-op)
  - Transfer, e.g., E-risk insurance
  - Accept, e.g., cost of other options > cost of potential loss
  - Mitigate, e.g., invest in security services and mechanisms
The bottom line for most organizations is money. Even if there is a more altruistic
motivation behind organizational mission, money is still a major driving factor.
Organizational risks ultimately trace to revenue and cost. Security measures that
address risk align with revenue benefits or cost benefits. The following ROI framework
presents the revenue and cost benefits:
- Revenue
  - Revenue increase
    - Customer satisfaction; past performance leads to opportunities for new sales.

Ignoring risk is implicit acceptance.
 