Quantitative Model for Economic Analyses of Information Security Investment in an Enterprise Information System

Open Access | Jan 2013

References

  1. Acquisti, A., Friedman, A. & Telang, R. (2006). Is there a cost to privacy breaches? An event study. In: Workshop on the Economics of Information Security, UK: Cambridge. Retrieved October 12, 2012, from http://www.heinz.cmu.edu/~acquisti/papers/acquistifriedman-telang-privacy-breaches.pdf
  2. Anderson, R. & Schneier, B. (2005). Guest Editor's Introduction: Economics of Information Security. IEEE Security and Privacy, 3(1), 12-13, http://dx.doi.org/10.1109/MSP.2005.14
  3. Anderson, R. (2001). Why information security is hard - an economic perspective, Computer Security Applications. In: ACSAC 2001, Proceedings of the 17th Annual Conference, pp. 358-365, http://dx.doi.org/10.1109/ACSAC.2001.991552
  4. Bojanc, R. & Jerman-Blažič, B. (2007). Towards a standard approach for quantifying an ICT security investment. Computer Standards & Interfaces, 30(4), 216-222, http://dx.doi.org/10.1016/j.csi.2007.10.013
  5. Bojanc, R. & Jerman-Blažič, B. (2008). An economic modelling approach to information security risk management. International Journal of Information Management, 28(5), 413-422, http://dx.doi.org/10.1016/j.ijinfomgt.2008.02.002
  6. Bojanc, R., Jerman-Blažič, B. & Tekavčič, M. (2012). Managing the Investment in Information Security Technology by use of Quantitative Modeling Approach. Information Processing & Management, 48(6), 1031-1052, http://dx.doi.org/10.1016/j.ipm.2012.01.001
  7. Cavusoglu, H. (2004). Economics of IT Security Management. In: Camp, L. and Lewis, S. (Eds), Economics of Information Security, Vol. 12, pp. 71-83. Springer US, http://dx.doi.org/10.1007/1-4020-8090-5_6
  8. Computer Security Institute (CSI). (2011). 2010/2011 Computer Crime and Security Survey. The 15th Annual Computer Crime and Security Survey. Retrieved January 17th, 2012, from http://_www.gocsi.com/survey
  9. Farahmand, F., Navathe, S., Enslow, P. & Sharp, G. (2003). Managing vulnerabilities of information systems to security incidents. In: ICEC '03 Proceedings of the 5th international conference on Electronic commerce, pp. 348-354. ACM: New York, USA, http://dx.doi.org/10.1145/948005.948050
  10. Gordon, A. L. & Loeb, P. M. (2001). Using information security as a response to competitor analysis systems. ACM, 44(9), 70-75, http://dx.doi.org/10.1145/383694.383709
  11. Gordon, A. L. & Loeb, P. M. (2002). The Economics of Information Security Investment. ACM, 5(4), 438-457, http://dx.doi.org/10.1007/1-4020-8090-5_9
  12. Gordon, A. L. & Richardson, R. (April 13, 2004). The New Economics of Information Security. Information Week, 53-56. Retrieved February 11th, 2007, from http://www.banktech.com/aml/showArticle.jhtml?articleID=18901266
  13. Hoo, S. (2000). How Much Is Enough? A Risk-Management Approach To Computer Security. Retrieved February 28th, 2010, from www.cl.cam.ac.uk/~rja14/econws/06.doc
  14. International Organization for Standardization. (2005). Information technology - Security techniques - Information security management systems - Requirements. ISO/IEC 27001:2005. Geneva.
  15. International Organization for Standardization. (2009). Information technology - Security techniques - Information security management systems - Overview and vocabulary. ISO/IEC 27000:2005. Geneva.
  16. Matsuura, K. (2009). Productivity Space of Information Security in an Extension of the Gordon-Loeb's Investment Model. In: Managing Information Risk and the Economics of Security, pp. 99-119. Springer US, http://dx.doi.org/10.1007/978-0-387-09762-6_5
  17. McGraw, G. (2006). Software Security: Building Security In. Addison-Wesley Prof., http://dx.doi.org/10.1109/ISSRE.2006.43
  18. National Institute of Standards and Technology. (2004). Mapping Types of Information and Information Systems to Security Categories. Special Publication 800-60. Gaithersburg, Md.
  19. National Institute of Standards and Technology. (2005). An Introduction to Computer Security: The NIST Handbook. Special Publication 800-12. Gaithersburg, Md.
  20. Ryan, J. & Ryan, D. (2006). Expected benefits of information security investments. Computers & Security, 25(8), 579-588, http://dx.doi.org/10.1016/j.cose.2006.08.001
  21. Schneier, B. (2003). Beyond Fear: Think Sensibly about Security in an Uncertain World. New York: Copernicus Books.
  22. Schneier, B. (2004). Secrets & Lies, Digital Security in a Networked World. New York: Wiley Publishing.
  23. Tanaka, H., Liu, W. & Matsuura, K. (2006). An Empirical Analysis of Security Investment in Countermeasures Based on an Enterprise Survey in Japan. In: Workshop on the Economics of Information Security, UK: Cambridge. Retrieved October 12, 2012, from http://weis2006.econinfosec.org/docs/9.pdf
  24. Tanaka, H., Matsuura, K. & Sudoh, O. (2005). Vulnerability and information security investment: An empirical analysis of e-local government in Japan. Journal of Accounting and Public Policy, 24(1), 37-59, http://dx.doi.org/10.1016/j.jaccpubpol.2004.12.003
  25. Willemson, J. (2006). On the Gordon and Loeb Model for Information Security Investment. In: Workshop on the Economics of Information Security, UK: Cambridge. Retrieved October 12, 2012, from http://weis2006.econinfosec.org/prog.html
DOI: https://doi.org/10.2478/v10051-012-0027-z | Journal eISSN: 1581-1832 | Journal ISSN: 1318-5454
Language: English
Page range: 276 - 288
Published on: Jan 5, 2013
Published by: University of Maribor
In partnership with: Paradigm Publishing Services
Publication frequency: 4 issues per year

© 2013 Rok Bojanc, Borka Jerman-Blažič, published by University of Maribor
This work is licensed under the Creative Commons License.