Home |
Abstract
| Model |
Organisational Model |
Questionnaire |
Links | More Links
| Logbook |
Contact
| Logbook |
Return On Information Security Investment |
This section outlines the status of the
research objectives, activities and deliverables as the research progresses.
| 1 | To investigate the different information security techniques that can be applied in an organisation and to identify the differences between the scenarios in question | |
| 1.1 | Activity | Status |
| 1.1.2 | Conduct a literature review on how information security is applied in organisations. | In
progress. [Started Summer 2004] Added a links section in website for ease of reference. [Dec 2004] Added a literature review model in website. [Dec 2004] |
| 1.1.3 | Conduct interviews with information security practitioners with experience in the field. | Not done. |
| 1.1.4 | Consult standards and information security policies that shed light on the information security techniques that are used. | In progress. [Started Summer 2004] |
| 1.2 | Deliverables | |
| 1.2.1 | Report section - 2000-2500 words | Literature review section in draft format. [Summer 2004] |
| 2 | To measure the ROSI of a security system deployed in an arbitrary company | |
| 2.1 | Activity | Status |
| 2.1.1 | Obtain current security expenditures of existing companies. | Added questionnaire in website to ease data gathering. [Dec 2004] |
| 2.1.2 | Try to establish contacts both locally and abroad. | Established contact with Dr. Hinson from
http://www.noticebored.com [17
Dec 2004] Paper published on http://infosecwriters.com/ [10 February 2005] Established contact with Dr. Albert Caruana (CIMU) [17 February 2005] Paper published at http://security.ittoolbox.com/ [18 March 2005] |
| 2.1.3 | Study techniques that measure ROSI | In progress. |
| 2.1.4 | Identify a suitable method that can be applied to measure ROSI in a company. | Built a tentative new model based on current research. [Dec 2004] |
| 2.2 | Deliverables | |
| 2.2.1 | Report section - 2000 words | Not started. |
| 3 | To identify more cost effective methods of implementing Information Security in an organisation. | |
| 3.1 | Activity | Status |
| 3.1.1 | Study non-financial as well as the financial aspects of an information security strategy. | In progress [Nov 2004]. |
| 3.1.2 | Consider the use of the balanced score card technique or an alternative method. | In progress [Nov 2004]. |
| 3.1.3 | Study how well security policies map the business objectives of the company. | Not started |
| 3.2 | Deliverables | |
| 3.2.1 | Report section - 2500 words | Not started. |
| 3.2.2 | Include a sub-title depending on the method used; such as Adopting a Balanced Score Card Approach in an E-Business Environment | Under consideration. |
| 4 | To determine a minimal security infrastructure dependent on the nature of the business. | |
| 4.1 | Activity | Status |
| 4.1.1 | Comparative analysis between the companies studied. | On-line questionnaire is one attempt to answer this problem. [Dec 2004] |
| 4.2 | Deliverables | |
| 4.2.1 | Report Section – 1500 words. | Not started. |
| 5 | To define an effective information security strategy that is suitable for Small and Medium-Sized Enterprises in the Maltese community | |
| 5.1 | Activity | Status |
| 5.1.1 | Produce a manual specifying the steps to take when considering deploying an information security strategy. | Not started. |
| 5.2 | Deliverables | |
| 5.2.1 | Manual outlining a cost effective security strategy. Report Section -2000 words. | Not started. |