Return On Information Security Investment


This section outlines the status of the research objectives, activities and deliverables as the research progresses.

1 To investigate the different information security techniques that can be applied in an organisation and to identify the differences between the scenarios in question
1.1 Activity Status
1.1.2 Conduct a literature review on how information security is applied in organisations. In progress. [Started Summer 2004]

Added a links section to the website for ease of reference. [Dec 2004]

Added a literature review model to the website. [Dec 2004]

1.1.3 Conduct interviews with information security practitioners with experience in the field. Not done.
1.1.4 Consult standards and information security policies that shed light on the information security techniques that are used. In progress. [Started Summer 2004]
1.2 Deliverables  
1.2.1 Report section - 2000-2500 words

Literature review section in draft format. [Summer 2004]

2 To measure the ROSI of a security system deployed in an arbitrary company
2.1 Activity Status
2.1.1 Obtain current security expenditures of existing companies. Added a questionnaire to the website to ease data gathering. [Dec 2004]
2.1.2 Try to establish contacts both locally and abroad. Established contact with Dr. Hinson from http://www.noticebored.com [17 Dec 2004]

Paper published on http://infosecwriters.com/ [10 February 2005]

Established contact with Dr. Albert Caruana (CIMU) [17 February 2005]

Paper published at http://security.ittoolbox.com/ [18 March 2005]

2.1.3 Study techniques that measure ROSI. In progress.
2.1.4 Identify a suitable method that can be applied to measure ROSI in a company. Built a tentative new model based on current research. [Dec 2004]
2.2 Deliverables  
2.2.1 Report section - 2000 words. Not started.
3 To identify more cost-effective methods of implementing Information Security in an organisation.
3.1 Activity Status
3.1.1 Study the non-financial as well as the financial aspects of an information security strategy. In progress. [Nov 2004]
3.1.2 Consider the use of the balanced score card technique or an alternative method. In progress. [Nov 2004]
3.1.3 Study how well security policies map the business objectives of the company. Not started.
3.2 Deliverables  
3.2.1 Report section - 2500 words. Not started.
3.2.2 Include a sub-title depending on the method used, such as "Adopting a Balanced Score Card Approach in an E-Business Environment". Under consideration.
4 To determine a minimal security infrastructure dependent on the nature of the business.
4.1 Activity Status
4.1.1 Comparative analysis between the companies studied. The on-line questionnaire is one attempt to answer this problem. [Dec 2004]
4.2 Deliverables  
4.2.1 Report section - 1500 words. Not started.
5 To define an effective information security strategy that is suitable for Small and Medium-Sized Enterprises in the Maltese community
5.1 Activity Status
5.1.1 Produce a manual specifying the steps to take when considering deploying an information security strategy. Not started.
5.2 Deliverables  
5.2.1 Manual outlining a cost-effective security strategy. Report section - 2000 words. Not started.