Economics of IT Security Management: Four Improvements to Current Security Practices

Cavusoglu, Hasan; Cavusoglu, Huseyin; Raghunathan, Srinivasan

doi:10.17705/1cais.01403

Cited by 41 publications

(38 citation statements)

References 9 publications

(8 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Al-Humaigani and Dunn (2003), Tsiakis and Stephanides (2005), Hausken (2006), and Davis (2005) also defined economic assessments of information security investment with ROSI and other methods; they approached the correlation between the investment cost and effect of information security with mathematical modeling. Blatchford (1995), Lee (2003), and Cavusoglu et al (2002Cavusoglu et al ( , 2004a categorized various factors that need to be considered during information security investment. Bodin et al (2005) and Scott (1998) also suggested investment criteria for information security and mentioned that as information security investment in general has the characteristic of a long-term guarantee while reducing long-term risk, in many instances it does not provide a quantitative investment effect in the short term.…”

Section: Theoretical Backgroundmentioning

confidence: 99%

An analysis on effects of information security investments: a BSC perspective

Kong

Kim

2010

J Intell Manuf

View full text Add to dashboard Cite

With the growing importance of information security due to the arrival of information society and the spread of the internet, information security is emerging as a tool to guarantee competitive advantage and is at the same time an indispensable requirement for stable business execution for companies and organizations. Additionally, the value of tangible and intangible assets that need to be protected as components of corporate assets are on the rise, where the importance of efficient and effective information asset management and information security investment is increasing for the organizations and companies managing them. However, despite an increase in the information security investment of an organization, there is a lack of systematic methodology pertaining to performance appraisals, which makes decision-making activities and determining means of improvement difficult. The existing financially focused information security investment is inadequate for systematic analyses and understanding due to the opportunity cost type characteristics of information security investment and the difficulty involved in presenting future strategic direction. This paper, considering the characteristics of the effects of information security investment, analyzes from a balanced score card perspective information security investment strategies and performance relationships. In short, critical success factors and key performance indicators are initially obtained from previous research related to information security investment, and the data collected through surveys at related companies and organizations are empirically analyzed utilizing the structural equation model.

show abstract

Section: Theoretical Backgroundmentioning

confidence: 99%

An analysis on effects of information security investments: a BSC perspective

Kong

Kim

2010

J Intell Manuf

View full text Add to dashboard Cite

show abstract

“…Threats related to information security are a major concern for many organizations since these risks may increase their liability and decrease their credibility [15]. The core difference between telemedicine and traditional healthcare is the use of the Internet, and therefore, online patient information security, privacy, and policies are of paramount concern.…”

Section: Literature On Information Security Privacy and Policies Inmentioning

confidence: 99%

Culture Matters: Factors Affecting the Adoption of Telemedicine

Mansouri-Rad

Mahmood

Thompson

et al. 2013

2013 46th Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

1The present research investigates the influence of culture on telemedicine adoption and patient information privacy, security, and policy. The results, based on the SEM analysis of the data collected in the United States, demonstrate that culture plays a significant role in telemedicine adoption. The results further show that culture also indirectly influences telemedicine adoption through information security, information privacy, and information policy. Our empirical results further indicate that information security, privacy, and policy impact telemedicine adoption.

show abstract

“…They found that economic concepts, such as NPV and cost-benefit analysis, are beginning to gain acceptance from senior information security managers in budgeting for information security expenditures. It was also argued that economic analysis can be improved when the decision-makers consider intangible and long-term costs of security breaches, and actions of adversaries when they make their investment decisions (Cawsoglu et al, 2004a).…”

Section: Information Security Literaturementioning

confidence: 99%

“…In fact, organizations balance the costs of managing the risk against the negative consequences of the risk materializing and the potential gains that the organization would enjoy indirectly when the risk is eliminated or reduced. Since organizations spend about 15 cents out of every IT dollar on security (Berinato, 2007), decision-makers are increasingly pressured to get these trade-offs right (Cavusoglu et al, 2004a). …”

Section: Information Security Decision-making Processmentioning

confidence: 99%

Making Sound Security Investment Decisions

Cavusoglu¹

2010

Journal of Information Privacy and Security

View full text Add to dashboard Cite

Despite the findamental importance of information security, organizations make less than optimal investments in it. Since neither under or overinvestment are desirable, organizations should understand barriers that adversely affect their decision-making processes, and may prevent sound investment decisions in the context of information security. In this paper, we highlight major obstacles that decision-makers face when making investment decisions pertaining to information security and suggest ways to deal with those obstacles.

show abstract

Economics of IT Security Management: Four Improvements to Current Security Practices

Cited by 41 publications

References 9 publications

An analysis on effects of information security investments: a BSC perspective

An analysis on effects of information security investments: a BSC perspective

Culture Matters: Factors Affecting the Adoption of Telemedicine

Making Sound Security Investment Decisions

Contact Info

Product

Resources

About