This is a current version of a presentation that @JoshCorman and I have given at RSA US 2012, GFIRST 2012 and RSA Europe 2012 on adversary centric security models. We've gotten a number of request for the slides, so we've posted them here.
The security community has failed for years to determine return on investment (ROI) or Return on Security Investment (ROSI). It’s failed as you can’t evaluate security efficacy without assessing the adversary’s perspective. Updated from the highly rated RSA US 2012 session, we’ll discuss the “Adversary ROI” model and provide mappings for different threat actors, ranging from organized to chaotic.
For more resources on Adversary ROI, visit http://elevatedsecurity.blogspot.com/2012/10/adversary-roi-resources.html