To Invest or Not to Invest? Assessing the Economic Viability of a Policy and Security Configuration Management Tool

Authors: Lukas Demetz, Daniel Bachlechner

DOI: 10.1007/978-3-642-39498-0_2

Abstract: The threat of information security (IS) breaches is omnipresent. Large organizations such as Sony or Lockheed Martin were recently attacked and lost confidential customer information. Besides targeted attacks, virus and malware infections, stolen laptops and mobile devices, and the abuse of organizational IT through employees, to name but a few, also put assets in jeopardy. To defend against IS threats, organizations invest in countermeasures preventing, or, at least, reducing the probability and impact of breaches. As budgets are constrained and the number of assets to be protected is large, investments need to be deliberately evaluated. Several approaches for the evaluation of such investments are presented in the literature. In this chapter, we identify, compare, and evaluate such approaches using the example of a policy and security configuration management tool. Such a tool is expected to reduce costs and increase the trustworthiness of organizations. It was found that none of the analyzed approaches can be used without reservation for the assessment of the economic viability of the policy and security configuration management tool used as an example. We see, however, considerable potential for new approaches combining different elements of existing approaches.
