Demonstrating ROI for Penetration Testing (Part One)
This is the first in a series of articles on demonstrating ROI (return on investment) for a Pen-Test (penetration test). Initially, I am going to take you down a slightly different path than you are probably used to, but I have a particular goal in mind: teaching security professionals how to demonstrate ROI for a Pen-Test. If you stay with me through this series, the light will dawn and your thinking will be a little more in line with how the CxO views spending money on security. I want you to think in terms of traditional project justification rather than only in terms of risk avoidance, so that you can blend both points of view when selling the necessity of a Pen-Test. You will have to step into the world of budgeting, cost justification, and resource allocation, and learn a few unfamiliar terms. But it will be well worth it as you learn to speak in management terms.