Information Technology Reference
In-Depth Information
n
Optimize stakeholder (e.g., shareholder, constituent, corporate officer)
value.
Security is not to keep people out so much as it is to let the right people in.
Security is a prudent
business enabler.
Security may be an investment in revenue generation or preserving revenue
streams.
Security is a cost of doing business.
Business need drives the acquisition of technology; information assurance
aligns with technology and business process. Corollary: Security for its own
sake is not good business.
The objective of safeguards is not to protect 100 percent of the assets 100
percent of the time from 100 percent of the threats; rather, the objective of
safeguards is to make a successful attack cost prohibitive.
The cost of safeguards should be less than the value of assets they
protect.
The cost of breach should be greater than the probable payoff.
Consequences add to the cost of an attack: capturing evidence and pursuing
prosecution make it painful for adversaries.
n
n
n
n
n
n
−
−
n
