The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
How much is enough: a risk management approach to computer security
How much is enough: a risk management approach to computer security
Management of Information Security
Management of Information Security
The management of access controls/biometrics in organizations
InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development
Maximising resource allocation effectiveness for IT security investments
International Journal of Business Information Systems
Hi-index | 0.00 |
Technology continually places greater demands on a firm to maintain, process, and communicate information. The security of this information, with respect to confidentiality, integrity, and availability, is important to the firm. More often then not the department charged with the securing of the information has different strategic goals then the firm. Because the way success of information security investments is measured compared to the way investments that the rest of the firm makes is different, it is difficult for a firm to decide how much to invest in information security. This paper proposes a way to measure information security investments potential by calculating how the investment affects the firm's level or risk averseness. This gives management a better idea of how information security investments will affect the bottom line the by trying to determine the ROI of such an investment. This paper concludes with a discussion on the limitations of this risk tolerance model.