Title: Cost Benefit Toolbox for Information Security
Abstract: Secure and efficient business processes – both in the public and private sectors – represent a fundamental concern for all enterprises. They are indispensable for a focused (and reproducible) achievement of added value. The establishment of secure sources of information (i.e. any type of deployable data) is a major component in the establishment of secure and efficient business processes. The emerging field of information security is thus required to prove itself not only in business and technological terms, but also in economic terms, just like any other discipline within an enterprise. The added value that is to be achieved by investments in information security can thus be expected to become an increasingly important subject of scrutiny. This underscores the need for various experts within an enterprise (or a public sector organisation) to have access to a compact and practical means of illustrating the importance of investments in information security to the enterprise’s management. A Cost Benefit Toolbox consisting of a) Cost Benefit Sheets, b) Program Management, c) PRONOE, and d) a Benchmark mechanism will be presented. This toolbox represents exactly this sort of instrument in that it effectively allows one to focus on the core element of information security, namely, the task of comparing risks and security investments. It enables one to carefully align the resources whose allocation is up for consideration to the threshold of acceptable risk as defined by the management.
Author: Lampros Tsinas