Q

Benefits and cost savings of compliant security controls

What are the benefits or cost savings of implementing security controls that are compliant with regulatory information security compliance requirements during the SDLC versus after an application is already in production or, worse, after public disclosure of a security control (or lack thereof) breach? Finding published cost/benefit analysis on this has been fruitless so far.

I wish there were a canonical body of literature and statistical study to address what you're asking about directly. The best I can do is to tell you what I do to track this kind of information and suggest you do likewise -- namely, visit your favorite search engine and search on things like "ROI from compliance," "benefits of regulatory compliance," and so forth. I've found lots of interesting articles and reports, but mostly anecdotal, that address these topics (including, for example, Gary Milefsky's nice piece "Benefits of Regulatory Self-assessments" right from SearchCIO.com).

Conventional wisdom argues that prevention is better than cure, and that later cure costs more than earlier cure, so again this supports the notion that implementing earlier should offer better pay-offs than implementing later, but I am neither aware of nor can find any studies to prove or disprove this common-sense hypothesis.

This is a very interesting area, in the sense of the Chinese curse, and one that could certainly use more study, so that we could all benefit from the results.

This was first published in October 2006
