The reviewed record of science sign in
Pith

arxiv: 1512.04371 · v1 · pith:URA5SWB3 · submitted 2015-12-14 · cs.CY · cs.CR

'Context, Content, Process' Approach to Align Information Security Investments with Overall Organizational Strategy

Reviewed by Pithpith:URA5SWB3open to challenge →

classification cs.CY cs.CR
keywords informationsecurityapproachinvestmentsinvestmentmodelsorganizationalstrategy
0
0 comments X
read the original abstract

Today business environment is highly dependent on complex technologies, and information is considered an important asset. Organizations are therefore required to protect their information infrastructure and follow an inclusive risk management approach. One way to achieve this is by aligning the information security investment decisions with respect to organizational strategy. A large number of information security investment models have are in the literature. These models are useful for optimal and cost-effective investments in information security. However, it is extremely challenging for a decision maker to select one or combination of several models to decide on investments in information security controls. We propose a framework to simplify the task of selecting information security investment model(s). The proposed framework follows the 'Context, Content, Process' approach, and this approach is useful in evaluation and prioritization of investments in information security controls in alignment with the overall organizational strategy.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.