Process innovation: reengineering work through information technology
Process innovation: reengineering work through information technology
Modeling and Analysis of Workflows Using Petri Nets
Journal of Intelligent Information Systems - Special issue on workflow management systems
Communications of the ACM
Investigating information systems with action research
Communications of the AIS
Secrets & Lies: Digital Security in a Networked World
Secrets & Lies: Digital Security in a Networked World
Digital Rights Management: Technological, Economic, and Legal and Political Aspects (Lecture Notes in Computer Science, 2770)
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Security Metrics: Replacing Fear, Uncertainty, and Doubt
International Journal of Electronic Commerce
Analysing the Performance of Security Solutions to Reduce Vulnerability Exposure Window
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Quantitative Evaluation of Enterprise DRM Technology
Electronic Notes in Theoretical Computer Science (ENTCS)
An economic modelling approach to information security risk management
International Journal of Information Management: The Journal for Information Professionals
ARES '12 Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security
Hi-index | 0.00 |
Although Digital Rights Management (DRM) has been proven effective and successful in protecting the confidentiality of sensitive documents by providing access control, DRM products have not been widely adopted and used to their potential. One reason for this could be that cost and benefit of these products have not been analyzed in a systematic and quantitative manner to date. As a result, companies do not have an established procedure to evaluate the cost and benefit of implementing these products. In this document, the benefits of implementing DRM products in enterprises are quantified using stochastic Petri-net models and are compared with the security needs of a corporation and potential costs incurred by the implementation process. An evaluating procedure for implementing DRM products is established. This procedure has the potential to be used to improve the ability of a corporation to make sensible security investment decisions. The implementation of MS IRM (Microsoft Information Rights Management), one of the DRM products, was studied as a type case. In this case study, the MS IRM system was analyzed; a group of security metrics were developed for measuring and evaluating the effectiveness of the MS IRM system, in terms of increased security provided. Stochastic models are a core part of the process. It was found that the business process is a critical factor in determining document security. Although DRM products improve security, they typically increase the cost to the company and potentially reduce the productivity of staff. Therefore, for a successful deployment of the DRM system, it is recommended that a company evaluate the benefit and cost of DRM systems quantitatively using the procedures described in this document.