Information Security and Risk Management
Use the new PCR risk metric to find ways to enhance security, avoiding one-dimensional metrics like ALE that could risk an organization's survivability.
Lawrence A. Gordon
Advertisement
Author Archives
Budgeting Process For Information Security Expenditures
Empirical evidence shows that cost-benefit analysis is a sound basis for budgeting information security expenditures.
Evaluating Information Security Investments -sing the Analytic Hierarchy Process
In today's information-based economy, organizations must avoid costly information security breaches. Unfortunately, organizations cannot make all of their information 100% secure all of the time. There are economic, as well as technical, impediments that prevent perfect information security. Accordingly, organizations usually prepare an annual fixed (limited) budget for the maintenance and improvement of their information security systems. Two key issues confront the chief information security officer (CISO) of an organization: how to spend this limited information security budget most effectively, and how to make the case to the organization's chief financial officer (CFO) for an increase in funds to further enhance the organization's information security. The primary objective of this article is to show how to use the analytic hierarchy process (AHP) to address these two information security issues.
A Framework For Using Insurance For Cyber-Risk Management
Seeking to protect an organization against a new form of business losses.
Using Information Security as a Response to Competitor Analysis Systems
To protect your firm's valuable business data from competitors, sometimes it's best to think like competitors and take a walk in their shoes.
Shape the Future of Computing
ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.
Get Involved