Considerations on the selection and prioritization of information security solutions

This paper provides a set of guidelines that can be used for prescribing a methodology or a detailed process for selecting and prioritizing security projects or solutions. It is based on the idea that costs of security solutions should be justified by their contribution to ensuring adequate protecti...

Full description

Saved in:
Bibliographic Details
Published in:Audit financiar (Bucharest, Romania ) Romania ), 2016-05, Vol.14 (137), p.564-574
Main Author: RADULESCU, Maria Cristina
Format: Article
Language:English
Subjects:
Information security
security solution
information resource
security risk
efficiency
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This paper provides a set of guidelines that can be used for prescribing a methodology or a detailed process for selecting and prioritizing security projects or solutions. It is based on the idea that costs of security solutions should be justified by their contribution to ensuring adequate protection of information resources in the organization which implements them. The article reviews general issues of security risks and costs, arguing the need for explicit consideration of information resources security requirements in order to validate decisions concerning security projects implementation. In such an approach, security requirements of information resources are used as a reference system to quantify the benefits and limitations of security solutions defined as alternative or complementary responses to certain security risks as their implementation faces budget constraints.
ISSN:1583-5812
1844-8801
1844-8801
DOI:10.20869/AUDITF/2016/137/564