This week a group called the Application Security Industry Consortium will debut, with the goal of offering ways to measure security ROI and apply metrics to buying security products.

Chief information security officers can have a difficult time fighting for budget dollars, because detailing the business ROI of buying a security product is far different from buying a Web portal.

This week a group called the Application Security Industry Consortium (AppSIC) will debut, with the goal of changing that situation by offering ways to measure security ROI and apply metrics to buying security products.

Security Innovation heads up AppSIC, which was founded by 14 vendors, analysts and companies that buy, sell and use products. The consortium includes rivals such as Microsoft, Red Hat, Oracle and SAP. Herbert Thompson, the consortium’s chair and director of security technology at Security Innovation, says AppSIC members will meet monthly to exchange ideas and vet papers to be issued under the AppSIC imprimatur.

“For instance, we’ll publish the top 10 questions I’d need to ask my vendor on software security before I buy, and the kinds of answers you should expect,” Thompson says. “And we’re going to help enterprises factor in security in their budgets, as well as help IT development groups increase software security.”

Many say the need to get a better grip on what security ROI means is clearly there.

“As a CISO, you have to give up being a geek and become a business manager,” says Rolf Moulton, interim president and CEO of the 40,000-member organization International Information Systems Security Certification Consortium (ISC2).

ISC2 last week released a survey of more than 4,000 security professionals that indicates the CISO is increasingly expected to interact with upper management.
Management wants security expressed not in technical terms but as risk management, Moulton says.

It’s easier to express the security ROI of security services, because a managed service can be defended as an economical alternative to buying software, says Andrew Krcik, vice president of marketing at PGP.

“The problem with security is, you are spending money to try and prevent bad from happening,” says Doug Jacobson, director of Iowa State University’s Information Assurance Center. “It often doesn’t add to the bottom line on the balance sheet, unlike other IT acquisitions where you add more computing power, more network bandwidth, more storage, which are easier to justify.”

Thompson says AppSIC is open to all comers and there’s no membership fee to join.