Making the case for a company to include various computer/network security measures can be a difficult task. There are many reasons for this; primary among them are the difficulty to gauge any financial losses caused by security breaches and the ephemeral nature of many benefits of security systems on a company's computer network.

IT staff who seek to have different types of security protocols put into use within a company, then, often face an uphill battle in demonstrating their necessity. In these sorts of cases, using a Return on Security Investment (ROSI) calculation can be the most effective way of measuring and determining existing security measures, and the potential need for additional ones.