This Control has the following implementation support Control(s):
Establish, implement, and maintain cost management procedures., CC ID: 00873
Identify and allocate departmental costs., CC ID: 00871
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
It is necessary to establish a continuous information security process and to define an appropriate strategy for information security (IS strategy) to be able to achieve and maintain an appropriate level of security. This is useful for planning of further procedure to achieve the security objectives… (§ 3.2 ¶ 1, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
Estimating the costs and expense The investment costs and the correspondingly required personnel should be documented for each basic requirement to be fulfilled. (§ 6.4 ¶ 2 Bullet 3, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
Cost-effectiveness of the security strategy and the specific security measures should be monitored constantly. It should be checked whether the actually incurred costs correspond to the originally planned costs, or whether other alternative security safeguards being more favourable regarding the res… (§ 10.2 Subsection 2 ¶ 1, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
Check appropriateness of resources provided and the cost-effectiveness of the security strategy and security safeguards (§ 10.3 Subsection 1 Bullet 10, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
