A model for evaluating IT security investments

被引：162

作者：

Cavusoglu, H ^{[1
]}

Mishra, B

Raghunathan, S

机构：

[1] Tulane Univ, New Orleans, LA 70118 USA

[2] Univ Calif Riverside, Riverside, CA 92521 USA

[3] Univ Texas, Richardson, TX USA

来源：

COMMUNICATIONS OF THE ACM | 2004年 / 47卷 / 07期

关键词：

D O I：

10.1145/1005817.1005828

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

A comprehensive model was proposed to analyze IT security investment problems. The model is found useful to consumers in selecting the optimal configuration of security technologies and to developers in the design and pricing of security systems. IT security infrastructure provides a comprehensive plan that protects the confidentiality, integrity and availability of information resources. It is concluded that the proposed model is useful for understanding the different parameters that affect the optimal investment as well as cost.

引用

页码：87 / 92

页数：6

共 12 条

[1] BERINATO S, 2002, CIO MAGAZINE 0215
[2] THE PRODUCTIVITY PARADOX OF INFORMATION TECHNOLOGY
BRYNJOLFSSON, E
[J]. COMMUNICATIONS OF THE ACM, 1993, 36 (12) : 67 - 77
[3] CAVUSOGLU H, IN PRESS INT J ELECT
[4] COLLOFELLO J, 2000, SOFTWARE DEV RISK MA
[5] Denning T., 2000, Computer Security Journal, V16, P43
[6] Gordon L. A., 2002, ACM Transactions on Information and Systems Security, V5, P438, DOI 10.1145/581271.581274
[7] HOO KJS, 2000, THESIS STANFORD U
[8] LEE W, 2001, J COMPUTER SECURITY
[9] LONGSTAFF T, 2000, IEEE COMPUTER DEC
[10] MOITRA S, CMUSEI2000TR021

← 1 2 →