Cost-Benefit analysis of security investments: methodology and case study

Authors:
Sangkyun Kim;Hong Joo Lee
Affiliations:
Woorim e-Biz Center, Somansa, Seoul, Korea;P&M Research Team, Quality & Reliability Lab., DAEWOO Electronics Corp., Incheon, Korea
Venue:
ICCSA'05 Proceedings of the 2005 international conference on Computational Science and Its Applications - Volume Part III
Year:
2005

Citing 16
Cited 1

Control and security of computer information systems

Control and security of computer information systems
A microeconomic approach to the measurement of information technology value

Journal of Management Information Systems
The use of decision criteria in selecting information systems/technology investments

MIS Quarterly
A comparative framework for risk analysis methods

Computers and Security
Paradox lost? Firm-level evidence on the returns to information systems spending

Management Science
Technology investment and business performance

Communications of the ACM
Information systems effectiveness: the construct space and patterns of application

Information and Management
Developing a model of the global and strategic impact of information technology

Information and Management
Risk Management for Security Professionals

Risk Management for Security Professionals
Business Process Engineering

Business Process Engineering
Protecting Information in the Electronic WorkPlace: A Guide for Managers

Protecting Information in the Electronic WorkPlace: A Guide for Managers
Effective Measurement and Management of It Costs and Benefits: Key Issues

Effective Measurement and Management of It Costs and Benefits: Key Issues
The CISSP Prep Guide: Mastering the Ten Domains of Computer Security

The CISSP Prep Guide: Mastering the Ten Domains of Computer Security
CISSP Certification All-in-One Exam Guide

CISSP Certification All-in-One Exam Guide
Analyzing cost-effectiveness of organizations: the impact of information technology spending

Journal of Management Information Systems - Special section: Strategic and competitive information systems
Measuring the organizational impact of information technology investment: an exploratory study

Journal of Management Information Systems - Special section: Realizing value from information technology investment

Firms' information security investment decisions: Stock market evidence of investors' behavior

Decision Support Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We live in an unsafe world in which we encounter threats against our safety and security every day. This is especially true in the information processing environment. Managements are engaging and facing difficult problems to manage information security issues. One of the most brain-teasing management issues is “How they could make a decision on security-related investment to maximize the economic balance?” To solve this problem the ROI of security investments must be measured and managed. This paper provides the integrated methodology which consists of a process model and analysis criteria of cost factors and benefit factors to support an economic justification of security investments. Also, a case study is provided to show practicality of this methodology.