Nowadays the information technology is used more widely than ever, failing this the problems of information security is getting more and more serious. Most organizations pay attention to this problem. On one hand, many enterprises strengthen their core competition power through using modern information technologies, on the other hand, when more enterprises depend on the same information technology, the construction of information security become a key mission for all of the enterprise.Facing so many security problems, the runners of enterprises can keep these away by training employees, strengthening information management, or using different security technologies. Due to the limitation of human resources, material resources, financial resources, the manager of the enterprise must invest"just enough"bankroll on the projects of information security. Then how should the manager decide this investment? This is a puzzle in front of us.This paper wants to give some methods to solve this puzzle. At first, it analyses the information risks of enterprises, and then give the primary ways how enterprise owners deal with it, at last this paper gives us a decision-making system to help the runners to make a right decision on information security investment. |