This Article 
 Bibliographic References 
 Add to: 
Predictable Surprises
July/August 2009 (vol. 7 no. 4)
pp. 74-76
Ronda Henning, Harris Corporation
Justifying security expenditures in difficult economic times is problematic at best, career ending at worst. This article provides a methodology to improve the probability of budget success based on risk assessment techniques, proven project management skills, and economics.

1. "Managing Risk from an IT Perspective," special publication 800-39 (draft), US Nat'l Inst. Standards and Technology, Apr. 2008.
2. J. McCumber, Assessing and Managing Security Risk in IT Systems: A Structured Methodology, Auerbach Publications, 2004.
3. M. Mullane, Riding Rockets: The Outrageous Tales of a Space Shuttle Astronaut, Scribner, 2006.
4. "Security Controls for IT Systems," special publication 800-53 rev. 3 (draft), US Nat'l Inst. Standards and Technology, 5 Feb. 2009.

Index Terms:
Basic training, risk assessment, security policy, information assurance
Ronda Henning, "Predictable Surprises," IEEE Security & Privacy, vol. 7, no. 4, pp. 74-76, July-Aug. 2009, doi:10.1109/MSP.2009.101
Usage of this product signifies your acceptance of the Terms of Use.