Towards a standard approach for quantifying an ICT security investment

Cited by: 16
Authors
Bojanc, Rok
Jerman-Blazic, Borka [1]
Affiliations
[1] Jozef Stefan Inst, Ljubljana, Slovenia
Keywords
security technology investment; cyber crime prevention; information security
DOI
10.1016/j.csi.2007.10.013
Chinese Library Classification
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
The rise of the potential risks from different attacks on ICT systems means the investment in security technology is growing and is becoming a serious economic issue for many organizations. The assessment of the appropriate investment that is economically affordable and provides enough protection for the enterprise information system is an issue that is analysed here. The paper discusses the identification of the assets, the threats, the vulnerabilities of the ICT systems and provides an approach for the quantification of the necessary investment. The paper concludes with a recommendation for a standard approach to security-information investment assessment. (C) 2007 Elsevier B.V. All rights reserved.
Pages: 216-222
Page count: 7