What Should You Spend on Cybersecurity? Presentation

Updated Life Cycle Cost Estimating Factors for Cybersecurity in Business IT Systems

Starting in 2019, analysts from PRICE Systems, LLC and The Mitre Corporation conducted joint research to identify cybersecurity data and estimating methods to support development of government IT programs. We downloaded data from the OMB IT Dashboard to use for the analysis. In 2020, we presented a set of initial factors that support system development cost estimates. These factors estimate cybersecurity cost by cost category as a percent of Total Investment Cost for an IT system. Categories included cyber program management, test, documentation, certification, design, requirements analysis, risk assessment, hardware applications and software applications.

Over the last year, PRICE® has continued their portion of the research, using updated data from the OMB IT Dashboard, expanded to now also include sustainment costs for IT systems. We will expand on the updates during the presentation (Manage Cyber Ops, Recurring ATO, SW Maintenance, SW Patches, HW Maintenance), and revised the 2020 factors to reflect additional activities and programs). The revised factors for Development and Sustainment will be presented as part of the webinar, along with the statistical validation of their ability to provide defensible estimates of cybersecurity costs.