CYFIRMA’s Cyber Awareness Series: Cost of security controls, implementation time, resource requirements, and review cadence
Cybersecurity Economics: While difficult to calculate the ROI of security controls, the damage caused by its absence can be catastrophic. Organizations must:
- Balance the critical drivers for installing effective security controls in an organization: cost, time and resources required for implementation, maintenance and a regular review cycle.
- Target the controls at People, Processes, and Technology as the critical parameters determining the design and operational effectiveness of the security controls.
Here’s our view on:
· Security control costs
· Implementation time
· Resource requirements
· Review frequency of control logs and configurations
While there is no fit-for-all approach as customization will be required based on strategic goals, risk tolerance, budget, organization size, user and site spread, and business complexity — our suggested approach to implementing an effective security controls program is universal.

