Budgeting process for information security expenditures

被引：79

作者：

Gordon, LA ^{[1
]}

Loeb, MP ^{[1
]}

机构：

[1] Univ Maryland, Robert H Smith Sch Business, College Pk, MD 20742 USA

来源：

COMMUNICATIONS OF THE ACM | 2006年 / 49卷 / 01期

关键词：

Budget control - Computer software - Costs - Decision making - Investments - Personnel;

D O I：

10.1145/1107458.1107465

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

An empirical study to examine the way corporations make decisions regarding information security expenditures is conducted. The study assessed whether firms approach the budgeting process for information security expenditures in a rational economic manner-based on cost-benefit analysis. Emperical evidence shows that cost-benefit analysis is a sound basis for budgeting information security expenditure. The cost associated with information security activities relate to a host of items, including hardware, software and personnel. A rational economic process used for budgeting capital investments applies cost-benefit analysis using the net present value (NPV). The use of NPV approach to derive an optimal expenditure level can be regarded as an ideal economic approach for budgeting information security. The ability to estimate benefits is a key factor driving the use of NPV analysis in decisions concerning the level of expenditures on information security.

引用

页码：121 / 125

页数：5

共 7 条

[1] [Anonymous], 2001, P 17 ANN COMP SEC AP
[2] Campbell K., 2003, Journal of Computer Security, V11, P431
[3] Gordon L. A., 2002, ACM Transactions on Information and Systems Security, V5, P438, DOI 10.1145/581271.581274
[4] Gordon L.A., 2003, J ACCOUNT PUBLIC POL, V22, P461, DOI DOI 10.1016/J.JACCPUBPOL.2003.09.001
[5] Gordon L. A., 2003, Computer Security Journal, V19, P1
[6] BENEFIT COST-ANALYSIS AND RESOURCE-ALLOCATION DECISIONS
GORDON, LA
[J]. ACCOUNTING ORGANIZATIONS AND SOCIETY, 1989, 14 (03) : 247 - 258
[7] HAKA SF, 1985, ACCOUNT REV, V60, P651

← 1 →