Issue No. 05 - September/October (2008 vol. 10)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MITP.2008.97
Thomas Ciszek , Pardee RAND Graduate School of Public Policy
Shari Lawrence Pfleeger , RAND Corporation
This article presents a four-step process for evaluating assets to be protected, potential assailants, and likely methods and tactics. It puts the results together as a plan of action for investing in cybersecurity in ways that protect the most critical organizational information and processes. The process differs from earlier attempts to value security because it's based on an ordinal ranking, not on absolute dollar values for security. Moreover, it associates with each investment option an argument for why the investment should be made.
security, investment, process, information technology
Thomas Ciszek, Shari Lawrence Pfleeger, "Choosing a Security Option: The InfoSecure Methodology", IT Professional, vol. 10, no. , pp. 46-52, September/October 2008, doi:10.1109/MITP.2008.97