|Author(s):||Barbara C. Lippiatt; Sieglinde K. Fuller|
|Title:||An Analytical Approach to Cost-Effective, Risk-Based Budgeting for Federal Information System Security|
|Published:||January 01, 2007|
|Abstract:||The purpose of this report is to identify and illustrate an approach to simplify and strengthen capital planning for information system security in compliance with federal policy and guidance. The report provides the theoretical underpinnings of a methodology that will enable budgeting officials, system owners, and managers to select cost-effective strategies for optimizing the level of information system security to be achieved, given the level of vulnerability faced by the organization. The method of evaluation used is the Analytic Hierarchy Process (AHP), a multi-attribute decision approach. It integrates quantitative and qualitative information in a hierarchical structure in such a way that decision-makers can logically and consistently evaluate all the alternatives in a complex decision problem. An illustrative case study applies the AHP to the selection of a cost-effective security investment, given the likelihood and magnitude of threats to the information system. Expert judgments of risks, overall agency goals, and existing system weaknesses are merged with investment costs to illustrate the AHP process for calculating a measure of merit for evaluating investment alternatives.|
|Citation:||NIST Interagency/Internal Report (NISTIR) - 7385|
|Research Areas:||Building Economics, Economic Impact Analysis|