ABSTRACT

The successful management of information security within an organization is vital to its survival and success. The effective implementation of COTS (Commercial, Off-The-Shelf)-based security controls is one of the critical success factors of information security management. This paper presents a formal method that provides a selection process and evaluation criteria for COTS-based security controls, in support of effective and efficient decision making by corporate managers. A case study proves the practical value of this paper.