Doing More with Less - A Risk-Based, Cost-Effective Approach to Holistic Security

11 Pages

Posted: 22 Mar 2009

Last revised: 1 Apr 2009

Date Written: March 19, 2009

Abstract

Data security plans often center around the "more is better" concept. This approach calls for locking everything down with the strongest available protection, and it results in unnecessary expenses, frequent availability problems and system performance lags. Alternatively, IT teams will sometimes shape their data security efforts around the demands of compliance and best practices guidance, and then find themselves struggling with fractured security projects and the never-ending task of staying abreast of regulatory changes.

There is a better way: a risk-based classification process that enables organizations to determine their most significant security exposures, target their budgets towards addressing the most critical issues and achieve the right balance between cost and security. In this article, I discuss the risk-analysis processes that can help companies achieve cost savings while measurably enhancing their overall data security profile by implementing a holistic plan that protects data from acquisition to deletion.

Keywords: Performance, Database Security, Encryption, Privacy, VISA CISP, GLBA, HIPAA, PCI

JEL Classification: O31

Suggested Citation

Mattsson, Ulf T., Doing More with Less - A Risk-Based, Cost-Effective Approach to Holistic Security (March 19, 2009). Available at SSRN: https://ssrn.com/abstract=1365522 or http://dx.doi.org/10.2139/ssrn.1365522

Ulf T. Mattsson (Contact Author)

Protegrity Corp.

One Cantebury Green
Stamford, CT 06901
United States

HOME PAGE: http://www.ulfmattsson.com
