Ask the Expert

Benefits and cost savings of compliant security controls

What are the benefits or cost savings of implementing security controls that are compliant with regulatory information security compliance requirements during the SDLC versus after an application is already in production or worse, after public disclosure of a security control (or lack thereof) breach? Finding published cost/benefit analysis on this has been fruitless so far.

I wish there were a canonical body of literature and statistical study to address what you're asking about directly. The best I can do is to tell you what I do to track this kind of information and suggest you do likewise -- namely, visit your favorite search engine and search on things like "ROI from compliance," "benefits of regulatory compliance," and so forth. I've found lots of interesting articles and reports, but mostly anecdotal, that address these topics (including, for example, Gary Milefsky's nice piece "Benefits of Regulatory Self-assessments" right from

Conventional wisdom argues that prevention is better than cure, and that later cure costs more than earlier cure, so again this supports the notion that implementing earlier should offer better pay-offs than implementing later, but I am neither aware of nor can find any studies to prove or disprove this common-sense hypothesis.

This is a very interesting area, in the sense of the Chinese curse, and one that could certainly use more study, so that we could all benefit from the results.

This was first published in October 2006
