By Topic

Applying ROI Analysis to Support SOA Information Security Investment Decisions

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Buck, K. ; MITRE Corp., McLean, VA ; Das, P. ; Hanf, D.

Offering functionality and data in a secure manner poses significant challenges for Government enterprises that are embracing approaches, such as Service- Oriented Architectures (SOA), especially when there is a desire to promote information sharing across functional, organizational, or Community of Interest (COI) boundaries. Many Government organizations evaluate Implementation of security measures against the risk that a particular vulnerability will be exploited by a particular threat. Informed Information security Investment decisions are made based upon analysis of cost, benefit, schedule, performance, and risk tradeoffs. The Investment decision-making space for Information security In a web-based, service-oriented environment is explored in this paper, and methods for evaluating operational, economic and performance implications are considered. This paper discusses the value and practicality of applying Return-on-Investment (ROI) analysis for Government information security investment decision-making, especially when information sharing is a key success driver. Recommendations are based upon preliminary findings of a MITRE Mission-Oriented Investigation and Experimentation (MOIE) effort related to SOA Performance Measures Expression In Performance-Based Acquisition (PBA) Vehicles.

Published in:

Technologies for Homeland Security, 2008 IEEE Conference on

Date of Conference:

12-13 May 2008