Issue No. 05 - September/October (2008 vol. 10)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MITP.2008.97
Shari Lawrence Pfleeger , RAND Corporation
Thomas Ciszek , Pardee RAND Graduate School of Public Policy
This article presents a four-step process for evaluating assets to be protected, potential assailants, and likely methods and tactics. It puts the results together as a plan of action for investing in cybersecurity in ways that protect the most critical organizational information and processes. The process differs from earlier attempts to value security because it's based on an ordinal ranking, not on absolute dollar values for security. Moreover, it associates with each investment option an argument for why the investment should be made.
security, investment, process, information technology
T. Ciszek and S. L. Pfleeger, "Choosing a Security Option: The InfoSecure Methodology," in IT Professional, vol. 10, no. , pp. 46-52, 2008.