This paper presents an approach enabling economic modelling of information security risk management in contemporary businesses and other organizations. In a world of permanent cyber attacks on ICT systems, risk management is becoming a crucial task for minimizing the potential risks that can endanger their operation. Preventing the heavy losses that an organization may suffer due to cyber attacks and other information system failures is usually associated with continuous investment in different security measures and the purchase of data protection systems. As the potential risks rise, investment in security services and data protection is growing and is becoming a serious economic issue for many organizations and enterprises. This paper analyzes several approaches enabling assessment of the necessary investment in security technology from the economic point of view. The paper introduces methods for identifying the assets, the threats, and the vulnerabilities of ICT systems, and proposes a procedure that enables selection of the optimal investment in the necessary security technology based on quantification of the values of the protected systems. The possibility of using the approach for external insurance based on the quantified risk analyses is also presented.