X. Costs and Benefits

The issue of data security can be reduced to the desire for data accessibility by an individual versus the need for data se­crecy by an organization. Analysis of organizational data needs compared with its sensitive data analysis report is one starting point for doing a cost-benefit analysis. One method for doing this is a risk matrix model. Information assets can be compared with data threats and vulnerability. The value of the data is its worth in case of loss. The obvious difficulties of interpretation do not preclude the use of this method to help in the decision-making process. The following are impor­tant issues for discussion.
  1. Accessibility Versus Secrecy: If information is to be used, it must be accessible or users will not avail themselves of it. If it is too available, it may be distributed to unauthorized individuals.
  2. Costs
    1. Money and time for development, installation, procurement, and maintenance of security measures
    2. Special skills
    3. Performance
    4. Productivity
    5. Training time
    6. Compatibility - of equipment, procedures,...
  3. Benefits
    1. Precise definition of requirements
    2. Value of information
    3. Peace of mind
    4. Productivity
    5. Protection from legal liability
    6. Protection from loss of control of assets/company
    7. Good-will
    8. Privacy
      1. Individual
      2. Corporate
      3. Governmental