Measuring effectiveness in Information Security Controls

The main purpose of the Information Security Analyst is to control the exposure to information security risks. However, the information security budget is not unlimited and there is increasingly a need to justify the return on investment for the controls implemented in our companies. How can we...

By

Manuel Humberto Santander Peláez

July 6, 2010

All papers are copyrighted. No re-posting of papers is permitted

Related Content

Why_SANS_-_Blog_-_4_Trends_That_Will_Define_the_CISO’s_Role_in_2024_340_x_340.jpg

Cybersecurity Insights

4 Trends That Will Define the CISO's Role in 2024

These are the topics most prevalent in countless discussions with security leaders and experts.

340x340_-_Blog_-_Why_SANS_infographic_-_Day_1_(2).jpg

Cybersecurity Insights

4 Key Cybersecurity Trends to Watch in 2024

This infographic shows four major trends that will give CISOs the opportunity to empower their organizations and security teams in 2024.

Cybersecurity Insights

The Ultimate List of SANS Cheat Sheets

Need help cutting through the noise? SANS has a massive list of Cheat Sheets available for quick reference.