Security Return on Investment (SROI)

Good Information Security practices are one of the few improvements a company can make that will actually provide a positive Security Return on Investment (SROI). The costs that a business spends on preventative Information Security practices can dramatically reduce expenses throughout the company.

Cost Savings Benefits

The benefits of Information Security for Small and Medium Businesses (SMBs) are many:

 

 

Browse Our Products

  • Secure Controls Framework (SCF) Policy, Standards, Controls & Metrics Template - DSP / SCF

    Digital Security Program (DSP)

    Secure Controls Framework (SCF)

    Secure Controls Framework (SCF) "Premium Content" - Editable Policies, Control Objectives, Standards, Guidelines, Controls & Metrics. Product Walkthrough Video When you click the image or the link below, it will direct you to a different page on...

    $10,400.00 - $15,200.00
    Choose Options
  • ComplianceForge ISO 27001 & 27002 Compliance Documentation Templates Policy & Standards Template - ISO 27001 / 27002

    Policy & Standards Template - ISO 27001 / 27002

    ComplianceForge ISO 27001 & 27002 Compliance Documentation Templates

    ISO 27001 & 27002 Policy Template   UPDATED FOR ISO 27001:2022 & 27002:2022   Product Walkthrough Video When you click the image or the link below, it will direct you to a different page on our website that contains a short...

    $1,980.00 - $6,780.00
    Choose Options

NIST SP 800‑53 R5 Control Families

This release includes a total of 1,189 controls, organized into 20 families:

  1. Access Control
  2. Awareness & Training
  3. Audit & Accountability
  4. Assessment, Authorization & Monitoring
  5. Configuration Management
  6. Contingency Planning
  7. Identification & Authentication
  8. Incident Response
  9. Maintenance
  10. Media Protection
  11. Physical & Environmental Protection
  12. Planning
  13. Program Management
  14. Personnel Security
  15. Personally Identifiable Information (PII) Processing & Transparency
  16. Risk Assessment
  17. System & Services Acquisition
  18. System & Communications Protection
  19. System & Information Integrity
  20. Supply Chain Risk Management

This count includes deprecated controls that have been removed or folded into others. Some controls are not categorized under baselines—low, moderate, high, or privacy—per NIST SP 800‑53B.

ComplianceForge provides full 1:1 mapping of all 20 families and their controls in its CDPP documentation.