Skip to main content

The WiKID Blog

Viewing posts tagged Security and Economics

risk-and-effectiveness-for-project-evaluation

Gunnar Peterson has a post from Metricon about Bryan Ware's presentation about combining the effectiveness of a solution and the risk involved. I couldn't find the link to the actualy presentation. (I didn't have the time to go through them all.)

I think I would tie the effectiveness of the proposed security solution to the cost of capital of the overall project. It would be interesting to tie Bryan's work with my "work" on estimating the cost of capital for an information security project.

incentive-plan-for-an-information-security-team

It has occurred to me that you could develop an interesting incentive program for an information security team, assuming that you believe a couple of data points (or can come up with your own) and your primary concern is a data breach. In my opinion, security people are all too often incented only to maintain security - not to optimize the investment in security. Interests need to be aligned.

it-propoganda-i-dont-think-so

The anonymous CEO blogger has accused me of IT propoganda. Don't worry my feelings aren't hurt ;). Of course, it is in my interest as the CEO of a security firm that more CEOs recognize the value that investing in security brings. However, I would point out a few things that IMO, keep this post from being pure 'propoganda'.

more-breach-cost-estimates

More data on the cost of cleaning up after a breach, this time from Forrester via InfomationWeek.

The average security breach can cost a company between $90 and $305 per lost record, according to a new study from Forrester Research. The research firm surveyed 28 companies that had some type of data breach.

more-on-low-frequency-high-impact-events

Adam's post yesterday on the agency problem got me thinking more about low-frequency, high-impact events and their predictability. His post was about Bear Stearns and how employees lost money. The interesting point for me was that those are the people that should have been in the best position to know that the potential for a high-impact event was increasing.

Recent Posts

Archive

2024
2022
2021
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom