Analyzing security costs

Mercuri, Rebecca T.

doi:10.1145/777313.777327

Cited by 80 publications

(25 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This also means that a balance between costs and benefits of IT security is demanded (cf. [27], [28], [32]) and that investments in security have to be geared to the principle of economic efficiency. This includes that in the case of an economic revision they have to withstand the then applied measures.…”

Section: Cost-benefit-evaluation Of Information Securitymentioning

confidence: 99%

A Closer Look at Information Security Costs

Brecht

Nowey

2013

The Economics of Information Security and Privacy

View full text Add to dashboard Cite

Abstract. Economic aspects of information security are of growing interest for researchers as well as for decision makers in IT-depending companies. From a business perspective cost-benefit-justifications for information security investments are in the focus. While previous research has mostly focused on economic models for security investments or on how to quantify the benefits of information security this paper aims to take a closer look at the costs for information security. After providing the reader with basic knowledge and a motivation for the topic, we identify and describe the problems and difficulties in quantifying an enterprise's cost for information security in a comprehensive and comparable way with the lack of a common model of information security costs being the most prominent one. Following, this paper discusses four approaches to categorise and determine information security costs in an enterprise. Starting with the classic approach frequently used in surveys, we continue by describing three alternative approaches. To support research on information security costs we propose two metrics. We conclude with inputs for future research, especially for an empirical analysis of the topic.

show abstract

Section: Cost-benefit-evaluation Of Information Securitymentioning

confidence: 99%

A Closer Look at Information Security Costs

Brecht

Nowey

2013

The Economics of Information Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Another technique for measuring the net social value of measures or programs is Cost-Benefit analysis (CBA) [34]. A short evaluation of current methods including ICAMP (Incident Cost Analysis Modeling Project), internal rate of return (IRR) and maximum net present value (NPV) can be found in Mercuri [35]. All these frameworks do not consider the external business value of reaching a defined security level.…”

Section: Overview Of Research In Security and Business Process Mamentioning

confidence: 99%

Secure business process management: a roadmap

Neubauer

Klemen

Biffl

2006

First International Conference on Availability, Reliability and Security (ARES'06)

View full text Add to dashboard Cite

Abstract-The security of corporate business processes is crucial for the business success of companies. Existing Business Process Management methodologies barely consider security and dependability objectives. Business processes and security issues are developed separately and often do not follow the same strategy. Growing business integration and legal requirements raise the need for secure business processes as security problems negatively affect profit and reputation of companies and their stakeholders. In this paper we summarize the state of the art of business process management and security and identify shortcomings of existing approaches. Based on that we identify research challenges and present a roadmap for Secure Business Process Management (SBPM) that allows an integrated view on business process management and security. This approach provides top management in process oriented enterprises with a stepwise methodology for the parallel and continuous development and improvement of business processes along with security issues over the whole business process life cycle.

show abstract

“…Another technique for measuring the net value of measures or programs is Cost-Benefit analysis (CBA) [21]. A short evaluation of current methods including ICAMP (Incident Cost Analysis Modelling Project), internal rate of return (IRR) and maximum net present value (NPV) can be found in [13]. Butler [3] uses a cost-benefit analysis method SAEM (Security Attribute Evaluation Method) to compare alternative security designs.…”

Section: ) 2) 3) 4) Security Frameworkmentioning

confidence: 99%