Issue No.05 - September/October (2008 vol.10)
Shari Lawrence Pfleeger , RAND Corporation
Thomas Ciszek , Pardee RAND Graduate School of Public Policy
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MITP.2008.97
This article presents a four-step process for evaluating assets to be protected, potential assailants, and likely methods and tactics. It puts the results together as a plan of action for investing in cybersecurity in ways that protect the most critical organizational information and processes. The process differs from earlier attempts to value security because it's based on an ordinal ranking, not on absolute dollar values for security. Moreover, it associates with each investment option an argument for why the investment should be made.
security, investment, process, information technology
Shari Lawrence Pfleeger, Thomas Ciszek, "Choosing a Security Option: The InfoSecure Methodology", IT Professional, vol.10, no. 5, pp. 46-52, September/October 2008, doi:10.1109/MITP.2008.97