Tag Archives: Virtual Trust

Dr. Gordon: Information Security can have a positive return

– Before I begin, I’d like to thank Dr. Gordon for an interesting exchange of emails regarding information security economics, specifically enablement and positive return through information security assets. The information security ROI debate was quite heated at times, sometimes bloody.…

Email from Dr. Lawrence Gordon: Security ROI possible but not optimal, use other metrics

– Due to the discussions produced over the last few days, I took the time to ask Dr. Lawrence Gordon and Dr. Martin Loeb their opinion on the security ROI issue. For those of you who do not know, Gordon and Loeb wrote the book Managing Cyber Security Resources: A Cost-Benefit Analysis. I’d…

An Open Email to Mike Rothman on Security ROI

– Hey Mike, I read your post yesterday, but there is a slight bug in it! My blog post you cite was referencing Richard’s post entitled “Are the Questions Sound?”, not the security network monitoring case study. In “Are the Questions Sound?” Richard tries to give a…

Bejtlich and Business: Will It Blend?

– As I read Are the Questions Sound? I laughed, I cried but CATS was still better…. Richard tries to compare the world of finance to the world of InfoSec after he takes the following notes on a Wall Street CISO’s InfoSec comments: The present author was confronted with this list,…

A 2 for 1 Post: Richard Clarke - Right & Wrong / My Thoughts on the Future of Infosec

– This blog post pointed me over to a techtarget article that interviewed Richard Clarke. Clarke is reported as saying: “That illustrates the problem,” he said. “It’s about what you don’t know, or what you don’t see or can’t prove. Industrial and national…