Australian Information Security Management Conference

Document Type

Article

Publisher

SRI Security Research Institute, Edith Cowan University, Perth, Western Australia

Comments

This paper was originally presented at The Proceedings of [the] 13th Australian Information Security Management Conference, held from the 30 November – 2 December, 2015 (pp. 94-100), Edith Cowan University Joondalup Campus, Perth, Western Australia.

Abstract

A strategic question for any business is: What value do control frameworks give? The question concerns the costs associated with implementing and maintaining control frameworks compared with the benefits gained. Each control framework contains many controls that may or may not benefit a situation and this research is aimed at testing different selections and combinations of controls to forecast probable impacts on business outcomes. The scope of the research is limited to a representative set of security controls and the lesser question: What are the criteria for selecting the most effective and efficient security control configurations for best business value? We design a decision support tool (DSS), run a pilot study and begin to develop output sets as part of the exploratory research. The conclusion is that in controlled environments the security controls may be optimised to deliver the best business value and that the highest performing sets of controls can be forecasted once the interaction factors are known.

DOI

10.4225/75/57b69f80d9391

Share

 
COinS