Konzeption eines Systems zur überbetrieblichen Sammlung und Nutzung von quantitativen Daten über Informationssicherheitsvorfälle

Nowey, Thomas

doi:10.1007/978-3-8348-9873-9

Cited by 4 publications

(4 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It is widely agreed that quantifying the benefits of information security measures is hard (see for example [30]). In this section we present multiple issues that underline that also the quantitative determination of costs related to information security has to overcome some serious challenges.…”

Section: The Challenges In Quantifying Security Costsmentioning

confidence: 99%

See 1 more Smart Citation

A Closer Look at Information Security Costs

Brecht

Nowey

2013

The Economics of Information Security and Privacy

Self Cite

View full text Add to dashboard Cite

Abstract. Economic aspects of information security are of growing interest for researchers as well as for decision makers in IT-depending companies. From a business perspective cost-benefit-justifications for information security investments are in the focus. While previous research has mostly focused on economic models for security investments or on how to quantify the benefits of information security this paper aims to take a closer look at the costs for information security. After providing the reader with basic knowledge and a motivation for the topic, we identify and describe the problems and difficulties in quantifying an enterprise's cost for information security in a comprehensive and comparable way with the lack of a common model of information security costs being the most prominent one. Following, this paper discusses four approaches to categorise and determine information security costs in an enterprise. Starting with the classic approach frequently used in surveys, we continue by describing three alternative approaches. To support research on information security costs we propose two metrics. We conclude with inputs for future research, especially for an empirical analysis of the topic.

show abstract

Section: The Challenges In Quantifying Security Costsmentioning

confidence: 99%

“…This leads to an approach that not only covers the cost of purchase for a security measure but also other costs within its life cycle. An example of such a categorisation is sketched in [30]:…”

Section: Approachmentioning

confidence: 99%

A Closer Look at Information Security Costs

Brecht

Nowey

2013

The Economics of Information Security and Privacy

Self Cite

View full text Add to dashboard Cite

show abstract

“…Experts should accompany this approach verifying value of estimated parameters. [16] Additionally, user can qualitatively assess flaws (high to low priority) considering criticality of flaw to the customer. This approach pre-selects the most relevant The risk report (refer to figure 3) addresses the effected management of ramp-up projects.…”

Section: Risk Assessmentmentioning

confidence: 99%

Execution of Ramp-up Projects in Day-to-Day Operations through a Quantitative Risk Management Approach

Cube

Schmitt

2014

Procedia CIRP

View full text Add to dashboard Cite

An approach to systematically identify and analyse delay risks in ramp-up projects of automotive manufacturers assuring scheduled ramp-up is discussed considering challenges of time-to-volume, increased quantity of ramp-up projects and increased complexity of products. It follows a multi-stage process based on the common risk management process. Within the first stage comprehensive risk identification in a preliminary process of ramp-up projects is conducted. The second stage includes any activities (risk management) to optimise ramp-up process with regards to delay risks. The approach was validated at an automotive manufacturer site within a ramp-up project of a new product. Results of the forecasting risk simulation and reality of open flaws are to a high degree consistent.

show abstract

“…sind und über einen hinreichend langen Zeitraum erfasst wurden (Nowey 2011). Bei Unternehmensneugründungen, bei der Neueinführung von Prozessen oder kurzzeitiger Betriebstätigkeit kann diese Anforderung jedoch oft nicht erfüllt werden (Wolke 2008;DIIR 2005).…”

Section: Kontrollprozess-selektionunclassified

Effizienz Compliance-konformer Kontrollprozesse in internen Kontrollsystemen (IKS)

Kühnel

Sackmann

2014

HMD

View full text Add to dashboard Cite

Konzeption eines Systems zur überbetrieblichen Sammlung und Nutzung von quantitativen Daten über Informationssicherheitsvorfälle

Cited by 4 publications

References 13 publications

A Closer Look at Information Security Costs

A Closer Look at Information Security Costs

Execution of Ramp-up Projects in Day-to-Day Operations through a Quantitative Risk Management Approach

Effizienz Compliance-konformer Kontrollprozesse in internen Kontrollsystemen (IKS)

Contact Info

Product

Resources

About