论文信息 - Standard Approach for Quantification of the ICT Security Investment for Cybercrime Prevention

Standard Approach for Quantification of the ICT Security Investment for Cybercrime Prevention

With rise of the potential risks from different cyberattacks on the ICT systems the investment in security technology is growing and is becoming a serious economic issue to many organizations. The assessment of the appropriate investment that is economically affordable and provides enough protection of the enterprise information system is an issue that is analysed in this paper. Identification of the assets, the threats, the vulnerabilities of the ICT systems are presented and the methods for quantification of the necessary investment. The paper concludes with a recommendation for a standard approach for optimal selection of security technology investment.

Borka Jerman-Blazic | Rok Bojanc | B. Jerman-Blazic | Rok Bojanc

[1] Lawrence A. Gordon,et al. The economics of information security investment , 2002, TSEC.

[2] Huseyin Cavusoglu,et al. Model for Evaluating , 2022 .

[3] Ross J. Anderson. Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.

[4] Allan Friedman,et al. An Empirical Approach to Understanding Privacy Valuation , 2007 .

[5] Wei Liu,et al. An Empirical Analysis of Security Investment in Countermeasures Based on an Enterprise Survey in Japan , 2006, WEIS.

[6] L. Jean Camp,et al. The State of Economics of Information Security , 2006 .

[7] Lawrence A. Gordon,et al. Managing Cybersecurity Resources: A Cost-Benefit Analysis , 2005 .

[8] Lei Zhou,et al. The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from the Stock Market , 2003, J. Comput. Secur..

[9] Alessandro Acquisti,et al. Financial Privacy for Free? US Consumers' Response to FACTA , 2006, WEIS.