The Conference Board uses cookies to improve our website, enhance your experience, and deliver relevant messages and offers about our products. Detailed information on the use of cookies on this site is provided in our cookie policy. For more information on how The Conference Board collects and uses personal data, please visit our privacy policy. By continuing to use this Site or by clicking "OK", you consent to the use of cookies. 
Share
Share
Threat, Vulnerability and Consequence: A Framework for Managing Security

 It is difficult to evaluate security expenditures using traditional ROI calculations because the return on security “investments” are not based on tangibles such as profits or incomes. Instead, returns on security investments come in the form of events that do not happen. Companies should use the Security Risk Equation, which defines security risk by three variables: threat, vulnerability, and consequence, as well as the risk-based return on investment (RROI) equation. RROI can be used to evaluate competing proposals for security initiatives.

Support Our Work

Support our nonpartisan, nonprofit research and insights which help leaders address societal challenges.

Donate

OTHER RELATED CONTENT

RESEARCH & INSIGHTS

WEBCASTS

CONFERENCES & EVENTS

Performance Management Conference

Performance Management Conference

December 08 - 09, 2020 | (New York, NY)
Employee Engagement & Experience Summit

Employee Engagement & Experience Summit

October 29 - 30, 2020 | (San Antonio, TX)
AI for Enterprise Marketing

AI for Enterprise Marketing

October 15, 2020 | (New York, NY)
Leadership Excellence Course & Executive Coaching - August

Leadership Excellence Course & Executive Coaching - August

August 04 - 06, 2020 | (New York, NY)

COUNCILS

BLOGS

PRESS RELEASES & IN THE NEWS