An Analytical Approach to Cost-Effective, Risk-Based Budgeting for Federal Information System Security
Contributor(s): NIST (Author)
ISBN: 1493755412
ISBN-13: 9781493755417
Publisher: Createspace Independent Publishing Platform
OUR PRICE: $11.39
Product Type: Paperback
Published: November 2013
Additional Information
BISAC Categories: - Computers | Information Technology
Physical Information: 0.12" H x 8.5" W x 11.02" (0.35 lbs) 58 pages
Descriptions, Reviews, Etc.
Publisher Description: The purpose of this report is to identify and illustrate an approach to simplify and strengthen capital planning for information system security in compliance with federal policy and guidance. The report provides the theoretical underpinnings of a methodology that will enable budgeting officials, system owners, and managers to select cost-effective strategies for optimizing the level of information system security to be achieved, given the level of vulnerability faced by the organization. The method of evaluation used is the Analytic Hierarchy Process (AHP), a multi-attribute decision approach. It integrates quantitative and qualitative information in a hierarchical structure in such a way that decision-makers can logically and consistently evaluate all the alternatives in a complex decision problem. An illustrative case study applies the AHP to the selection of a cost-effective security investment, given the likelihood and magnitude of threats to the information system. Expert judgments of risks, overall agency goals, and existing system weaknesses are merged with investment costs to illustrate the AHP process for calculating a measure of merit for evaluating investment alternatives.