Over the past few years, a considerable number of studies have been made on the Return on Security Investment (ROSI) in connection with security policy. However, it is necessary to quantity types of projected damages, cyber threats, security safeguards and ROSI, since the size of information system and its investment factors are growing continuously. Accordingly, in this paper, we propose a way of effective security investment for a higher ROSI, focusing on how to efficiently conduct assessment with use of the Analytic Hierarchy Process (AHP)-based Canonical Correlation Analysis (CCA). The CCA is a means of measuring the linear relationship between relevant cyber threats and corresponding security-safeguarding methods. Finally, we illustrate how such analyses can be used for determination of which securitysafeguarding method functions most efficiently, as alternative to the current security investment policy.