
Quantitative Model for Economic Analyses of Information Security Investment in an Enterprise Information System

Author

Listed:
  • Bojanc Rok

    (ZZI, Pot k sejmišču 33, 1231 Ljubljana-Črnuče, Slovenia)

  • Jerman-Blažič Borka

    (Jožef Stefan Institute, Jamova 39, 1000 Ljubljana, Slovenia)

Abstract

The paper presents a mathematical model for the optimal security-technology investment evaluation and decision-making processes based on the quantitative analysis of security risks and digital asset assessments in an enterprise. The model makes use of the quantitative analysis of different security measures that counteract individual risks by identifying the information system processes in an enterprise and the potential threats. The model comprises the target security levels for all identified business processes and the probability of a security accident together with the possible loss the enterprise may suffer. The selection of security technology is based on the efficiency of selected security measures. Economic metrics are applied for the efficiency assessment and comparative analysis of different protection technologies. Unlike the existing models for evaluation of the security investment, the proposed model allows direct comparison and quantitative assessment of different security measures. The model allows deep analyses and computations providing quantitative assessments of different options for investments, which translate into recommendations facilitating the selection of the best solution and the decision-making thereof. The model was tested using empirical examples with data from a real business environment.

Suggested Citation

  • Bojanc Rok & Jerman-Blažič Borka, 2012. "Quantitative Model for Economic Analyses of Information Security Investment in an Enterprise Information System," Organizacija, Sciendo, vol. 45(6), pages 276-288, November.
  • Handle: RePEc:vrs:organi:v:45:y:2012:i:6:p:276-288:n:2
    DOI: 10.2478/v10051-012-0027-z

    Download full text from publisher

    File URL: https://doi.org/10.2478/v10051-012-0027-z
    Download Restriction: no

