International Journal of Network Management
Using information security as a response to competitor analysis systems
Communications of the ACM
The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
Why Information Security is Hard-An Economic Perspective
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Managing vulnerabilities of information systems to security incidents
ICEC '03 Proceedings of the 5th international conference on Electronic commerce
Secrets and Lies: Digital Security in a Networked World
Secrets and Lies: Digital Security in a Networked World
Evaluating information security investments using the analytic hierarchy process
Communications of the ACM - Medical image modeling
Budgeting process for information security expenditures
Communications of the ACM - Personal information management
Software Security: Building Security In
Software Security: Building Security In
Towards a standard approach for quantifying an ICT security investment
Computer Standards & Interfaces
An economic modelling approach to information security risk management
International Journal of Information Management: The Journal for Information Professionals
Hi-index | 0.00 |
This paper presents a mathematical model for an optimal security-technology investment evaluation and decision-making processes based on a quantitative analysis of the security risks and a digital-assets assessment in an organization. The model makes use of a quantitative analysis of different security measures that counteract individual risks by identifying the information-system processes in an enterprise and the potential threats. The model comprises the target security levels for all the identified core business processes and the probability of a security accident together with the possible loss the organization may suffer. The model allows in-depth analyses and computations providing quantitative assessments of different options for investments, which translate into recommendations that facilitate the selection of the best solution and the associated decision-making. The model was tested using empirical examples and mathematical simulations with data from a real business environment.