Reading on Justifying Security Operations

My post Managing Security in Economic Downturns mentioned wrapping everything in metrics to justify your security operation. I decided to peruse the past proceedings of the Workshop on the Economics of Information Security for ideas.

I was mostly interested in works explaining how to show value derived from security operations. (Remember value is mainly or exclusively cost avoidance.) I am really interested in knowing how much it costs to maintain and defend an information infrastructure vs what it costs to exploit it. I found the following to be previous work in related areas.

You may also remember my review of Managing Cyber-Security Resources: A Cost-Benefit Analysis. It is good background reading.

Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.


Popular posts from this blog

Five Reasons I Want China Running Its Own Software

Cybersecurity Domains Mind Map

A Brief History of the Internet in Northern Virginia