Comsec Consulting Launches Unique Security Cost Analysis Tool (S.C.A.T) To Assess And Advise On Security Investments

London – 29th September 2009 – Comsec Consulting, a European market leader in information security consulting services, today announced the availability of a specially designed Security Cost Analysis Tool (S.C.A. Tool), to assist in the identification and assessment of the value of security controls and countermeasure investments.

Stuart Okin, Managing Director, Comsec Consulting UK, said, “In the process of developing our S.C.A. Tool, we’ve been surprised by the number of companies who simply have no idea of their security spend.  With such scrutiny surrounding every area of an enterprise’s operation, defining this cost and of course the associated value is vital. Our research has revealed that security leaders estimate that they could be spending between 0.01% to a staggering 6% of revenue on security, when considering information and physical security, as well as fraud detection, prevention and investigation.”

The S.C.A. Tool is a unique application, developed in-house by Comsec Consulting, which has been created specifically to enable organisations to identify their overall expenditure on security and to establish whether this investment is effectively meeting their business security requirements. 

The Tool assists the enterprise in structuring an approach to gather all the information needed to calculate security costs and risk value, within three primary areas; people and processes, technology and physical controls.  The database behind the tool allows analysis of 560 individual parameters which affect over 50 different security control groups, as well as identifying 19 different types of enterprise breach and fraud abuse scenarios. The S.C.A. Tool can be individually customised and is able to provide a clear picture of spend, process and efficiency of an organisation’s security controls and countermeasures.

The Tool is pre-populated with information gathered from Comsec’s experience, as well as publicly available sources of data, which allows the security professional to generate a quick first cut model of potential spend and risk. In combination with Comsec’s security methodology, the data is fine tuned with information gathered from different parts of the enterprise.  This assists in determining security spend, identifying where duplication or redundant controls lie and details the business impact of security breach losses and internal fraud losses.

Okin continues, “Without doubt getting a clear visibility over spend is important to all business, as well as understanding the risk and compliance requirements. Utilising this Tool, Comsec is able to deliver clients with a programme of change, which allows them to focus their finances and efforts on accurate security controls and counter-measures, helping them manage risk more efficiently.”

Alan Jenkins, Director, Security Risk Management & Chief Security Officer (UK & Ireland), CSC, welcomed the arrival of S.C.A. Tool, saying "Anything that helps identify the actual cost of security across the different divisions of the business is useful. A service which also assists in effectively managing that investment is a must have.  In this economically challenging time, it is critical that applications and solutions are being utilised effectively, but also that security-related costs are being managed proportionate to the business' risk appetite.  We must champion 'value-at-risk' as part of our security support to business."

The Security Cost Analysis Tool (S.C.A. Tool) is being launched as an additional feature of Comsec’s IT Security Cost Management approach1 and is available to enterprises looking to manage security spend without compromising the level of security overall.