Investment analysis of Information Security Management in Croatian seaports

Existing models of Information Security Management Systems in seaports usually involve threat evaluation, vulnerability management and risk analysis. Threat evaluation is a catalogue-based analysis that outlines the applicable protection levels for architecture, hardware, software and personnel, with the aim of standardizing the information security management approach. Vulnerability analysis attempts to evaluate the organizational and technical aspects of all information security components in terms of their inherent flaws. Risk analysis combines threat and vulnerability analysis in order to define countermeasures in an objective, measurable and sustainable way. However, all three approaches very often lack an economic and financial analysis of seaport information security investments. In this paper, the authors propose a combined model that includes both technical and financial approaches to information security management and decision-making in Croatian Port Community Systems.