Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Category Archives: InfoSec Economics

ROSI: Security Returns?

– Two of the more controversial topics in information security are return on security investment (or ROSI) and the related subject of security metrics. I will talk about ROSI in this column and metrics in the next one. There are a number of opponents to the ROSI approach. One is Jos Pols who, in his…

Fare Timing Attacks on the Long Island Railroad (LIRR)

– The Long Island Rail Road (map) is run by the MTA and is the primary way for the majority of people who live on Long Island to commute into NYC for work. I noticed the same phenomenon occurring a number of times and then realized that people were using timing attacks to get free rides on the [...] …

Intel ROSI Paper: Sets Practical Guidelines and Proper Expectations

– Late last year I read Matthew Rosenquist’s paper, Measuring the Return on IT Security Investments, over at Intel. I’m glad I have a few minutes to write about it. The premise for the paper is simple: the implementation of a security measure (control) should result in a decrease in the…

Again, Security as a Differentiator

– SC Magazine’s January 2008 cover story this month illustrates security as a differentiator. In the past, I moved from a hard line to more neutral territory based on some marketing material from Visa. Here are some memorable quotes from SC Magazine: Businesses can use security to increase…

Dr. Gordon: Information Security can have a positive return

– Before I begin, I’d like to thank Dr. Gordon for an interesting exchange of emails regarding information security economics, specifically enablement and positive return through information security assets. The information security ROI debate was quite heated at times, sometimes bloody…