Return on Investment
Lockstep has been engaged to research and develop specialised ROI models for the NSW Department of Commerce and the OASIS PKI Technical Committee.
Lockstep citation
Our innovative work on statistical modeling of security ROI (see below) has been cited and further developed by US Department of Defense researchers. See "A Model to Quantify the Return On Investment of Information Assurance (ROIA)", Dr Charley Tichenor, Journal of the Defense Institute of Security Assistance Management (DISAM), volume 29, number 3.
NSW Government Statistical ROI Model
Lockstep was commissioned in 2004 by the NSW Government to research and develop a novel statistical model for estimating security ROI, and to thereby update the government's ROI guide for managers.
Using Monte Carlo techniques, the Lockstep-developed model predicts the likely spread in the costs of security breaches both with and without security mitigations, given the inherent variability in (a) the likelihood of incidents, and (b) the impact of incidents. The model allows practitioners to inject variations in the underlying statistics of breaches, and to set parameters relating to the cost and frequency of different grades of incident.
See http://www.gcio.nsw.gov.au/library/guidelines/return-on-security-investment-rosi. The Guidelines posted by the NSW Government CIO are also available below.
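A minimal sketch of the kind of Monte Carlo estimate described above, added here as an illustration; it is not Lockstep's model or code from the NSW guide. The incident grades, rates, cost figures, the Poisson and lognormal distribution choices, the mitigation multipliers and the ROSI formula (avoided loss minus control cost, divided by control cost) are all assumptions made for this example.

```python
import math
import random
import statistics

# Constructed sample parameters (assumptions, not figures from the NSW guide):
# grade -> (mean incidents per year, median cost per incident, lognormal sigma)
GRADES = {
    "minor":    (12.0,   2_000, 0.5),
    "moderate": (1.5,   40_000, 0.8),
    "severe":   (0.05, 900_000, 1.0),
}
# Assumed mitigation effect per grade: (frequency multiplier, impact multiplier)
MITIGATION = {"minor": (0.5, 1.0), "moderate": (0.4, 0.7), "severe": (0.3, 0.5)}

def poisson(rng, lam):
    """Knuth's method: number of incidents in one year at mean rate lam."""
    limit, count, product = math.exp(-lam), 0, rng.random()
    while product > limit:
        count += 1
        product *= rng.random()
    return count

def annual_loss(rng, grades, mitigation=None):
    """One simulated year: sum the cost of every incident across all grades."""
    total = 0.0
    for name, (rate, median, sigma) in grades.items():
        freq_mult, impact_mult = mitigation[name] if mitigation else (1.0, 1.0)
        for _ in range(poisson(rng, rate * freq_mult)):
            total += impact_mult * rng.lognormvariate(math.log(median), sigma)
    return total

def simulate(grades, mitigation=None, years=20_000, seed=1):
    """Return sorted annual losses so percentiles can be read off directly."""
    rng = random.Random(seed)
    return sorted(annual_loss(rng, grades, mitigation) for _ in range(years))

def summary(losses):
    """Mean, median and 95th percentile of a sorted list of annual losses."""
    pct = lambda p: losses[int(p * (len(losses) - 1))]
    return {"mean": statistics.fmean(losses), "p50": pct(0.50), "p95": pct(0.95)}

def rosi(baseline, mitigated, annual_control_cost):
    """Assumed ROSI formula on mean losses: (avoided loss - cost) / cost."""
    avoided = statistics.fmean(baseline) - statistics.fmean(mitigated)
    return (avoided - annual_control_cost) / annual_control_cost

if __name__ == "__main__":
    base, mit = simulate(GRADES), simulate(GRADES, MITIGATION)
    print(summary(base), summary(mit), round(rosi(base, mit, 30_000), 2))
```

Comparing the mean with the 95th percentile in each summary shows the spread the rare severe grade introduces, which a single expected-loss figure hides.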
OASIS PKI Return On Investment
OASIS (the Organisation for the Advancement of Structured Information Standards) commissioned Lockstep to write a new white paper on ROI for PKI. The research included developing a new "supply chain" model for the delivery of digital certificates. A