Cost-Benefit Analysis of Security Investments: Methodology and Case Study

  • Conference paper
Computational Science and Its Applications – ICCSA 2005 (ICCSA 2005)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3482)

Abstract

We live in an unsafe world in which we encounter threats to our safety and security every day. This is especially true in the information processing environment. Management faces difficult problems in handling information security issues. One of the most perplexing management issues is: “How can a decision on security-related investment be made so as to maximize the economic balance?” To solve this problem, the ROI of security investments must be measured and managed. This paper provides an integrated methodology, consisting of a process model and analysis criteria for cost factors and benefit factors, to support the economic justification of security investments. A case study is also provided to show the practicality of this methodology.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, S., Lee, H.J. (2005). Cost-Benefit Analysis of Security Investments: Methodology and Case Study. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3482. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424857_132

  • DOI: https://doi.org/10.1007/11424857_132

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25862-9

  • Online ISBN: 978-3-540-32045-6

  • eBook Packages: Computer Science, Computer Science (R0)
