(May, 2014) — A set of principles of an economic framework for cyber security, including a description of the the Consensus Audit Guidelines and what to do beyond critical security controls, is the topic of this paper.
The paper was the second in a two part series published by the International Cyber Committee at AFCEA where John M. Gilligan is co-chair.
Consensus Audit Guidelines Are Key
Additional efforts beyond the Consensus Audit Guidelines Critical Controls should focus on collecting both cost and benefit data from representative organizations. This will permit validation of the principles in this effort and provide more granular economic insights for organizations with regard to investments in cyber security. The cyber security economics must make sense.
[To promote ease of use in viewing this Portable Document Format (PDF) document, it is presented in iPaper on our Scribd page. The embedded version appears below and can be downloaded, emailed or seen in full screen mode using the controls on the bottom right of this feature.]