Return on Information Security Investment - Paper

I have published on my website a draft paper entitled "Return on Information Security Investment - Are you spending enough? Are you spending too much?" Readers are encouraged to send feedback to amz@yahoo.com

Free GOOGLE gmail account

A GOOGLE gmail account will be donated to the first 5 persons (who do not remain anonymous) who fill in the Questionnaire at Return on Information Security Investment Questionnaire. The submissions will be verified.

Information Security - Questionnaire

Information Security - Questionnaire

This questionnaire quickly analyses whether you are over or underspending in your IT Security expenditure. By entering the amount you spend on protecting your IT assets and estimating the possibility of a threat - depending on the nature of your business, you will get a rough estimate of whether you are overspending or not. It will only take 2 minutes of your time to get started.

Definitions

Vulnerability: Any characteristic of a computer system that allows an individual to keep it from correctly operating, or that will allow unauthorized users take control of the system. A design, administrative, or implementation weakness or flaw in hardware, firmware, or software. If exploited, a vulnerability could lead to an unacceptable impact in the form of unauthorized access to information or disruption of critical processing.

Attack: 1) A discrete malicious action of debilitating intent inflicted by one entity upon another. A threat might attack a critical infrastructure to destroy or incapacitate it. 2) Intentional attempt to bypass the physical or information security measures and controls protecting an IS.