Penetration Testing with an ROI focus

We provide security penetration testing service for network infrastructure, web servers and software applications. Our service goes the extra step by providing an interpretation of the results in terms of ROI (Return on Investment) measured against the investment in appropriate security controls.

IT security controls are probably the only area of investment not currently benchmarked against ROI, being justified primarily by risk rating. Purchase decisions are often made based on TCO (Total Cost of Ownership) amongst competing offers from vendors. The sub-proposition is that such an investment into IT security controls is a given constrained only by budget availability.

Our ROI approach leverages the research currently undertaken by Denny Wan, our principal consultant, at Macquarie University on Cyber Insurance Pricing Strategy under an Australian Commonwealth Scholarship. Cyber Insurance premiums are a good proxy to measure the business value of a particular cyber risk. His research uses the FAIR (Factor Analysis for Information Risk) quantitative cyber risk analysis model from the Open Group to calculate ROI.

In essence, protect what really matters to your business.