Determine The Value Of Information Security Assets And Liabilities — Information Security Economics 102

This is the second in a series of reports providing guidance and new methods for the financial management of information security. The CISO's role is rapidly changing. A few years ago the CISO for many midsize firms was the security operations manager, and the job then was to employ technical skills to keep desktops, servers, and networks protected. Even in larger firms, the CISO still was sharply focused on technical IT security issues. Now, with losses from cybercrime spiraling out of control, security and risk professionals need a broad cross-section of financial skills and tools to be effective defenders of the enterprise. They need to effectively analyze how they allocate security resources to maximize their value to the business. Using a tool like the balance sheet — an information security balance sheet — will help you understand your information posture better, helping you account for the assets and liabilities you have as a security and risk professional.