This calculator provides insight into one of the biggest problems information security and IT professionals have - how to prove to the top management that an investment in information security makes sense.
The calculation is performed in two steps:
Step 1. - The costs of an incident are calculated by taking into account all the relevant costs if an incident occurs and the probability of incident occurrence.
Step 1. - The costs of security measures/controls are calculated, and the level to which the risk of this incident would decrease because of such mitigation.
The final result is the calculation whether the gain (the risk decrease) is higher than the needed investment (security measures/controls).
The use this calculator requires no expert knowledge about information security or finance, and it requires to gather existing data on costs within the company, security measures and potential incidents. It can be used by both IT and security professionals, and finance analysts.