Category Archives: Security Metrics
Intel ROSI Paper: Sets Practical Guidelines and Proper Expectations
January 24, 2008 – 6:00 am
Late last year I read Matthew Rosenquist’s paper, Measuring the Return on IT Security Investments, over at Intel. I’m glad I have a few minutes to write about it.
The premise for the paper is simple: the implementation of a security measure (control) should result in a decrease in the…
Dr. Gordon: Information Security can have a positive return
August 20, 2007 – 6:00 am
Before I begin, I’d like to thank Dr. Gordon for an interesting exchange of emails regarding information security economics, specifically enablement and positive return through information security assets.
The information security ROI debate was quite heated at times, sometimes bloody.…
A Phlogiston Theory of Reputational Risk?
March 20, 2007 – 7:02 am
At the current time, an indirect measurement of reputation through investor confidence (such as stock price) is the best indicator we may have of reputational risk and damage.
Unfortunately, this indirect measurement leads some to feel that it is not firm footing on which to place our conclusions…
Improving Your Security Posture: The Citibank Scorecard
November 21, 2006 – 9:44 pm
I attended a reception after the UN conference for Web Development 2006 organized by AIT Global.
In the course of the reception I met Brad Hildreth, a Vice President in the Information Security Department within the Technical Infrastructure Group at Citigroup.
Our discussion centered around…


