With the dynamic growth of the use of the Internet by enterprises, the number of computer threats and the level of the associated risks has increased rapidly. According to the Ponemon report, ‘The Impact of Cybercrime on Business’, every week there is an average of 66 successful cyber-attacks that cause business disruptions. 1 Targeted attacks cost enterprises $214,000. The expenses are arise from forensic investigation, investments in technology and brand recovery costs. Comprehensive cost-benefit analysis plays a crucial role in the decision-making process when it comes to investments in information security solutions. The cost of breaches needs to be analysed in the context of spending on protection measures. However, no methods exist that facilitate the quick and rough prediction of true expenditures on security protection systems. Rafal Leszczyna of Gdansk University of Technology presents a novel method for evaluating the cost of computer security activities and tests it against a real-world example.
[1]
Thomas Peltier,et al.
Information Security Policies and Procedures: A Practitioner's Reference, Second Edition
,
2004
.
[2]
Wes Sonnenreich,et al.
Return On Security Investment (ROSI) - A Practical Quantitative Modell
,
2005,
J. Res. Pract. Inf. Technol..
[3]
Steve Purser.
A Practical Guide to Managing Information Security (Artech House Technology Management Library)
,
2004
.
[4]
Rebecca T. Mercuri.
Analyzing security costs
,
2003,
CACM.
[5]
Lawrence A. Gordon,et al.
Return on information security investments: Myths vs. Realities.
,
2002
.