Advanced Search
MyIDEAS: Login to save this book chapter or follow this series

Quantitative Model for Information Security Risk Management

Contents:

Author Info

  • Rok Bojanc

    (ZZI d.o.o., Slovenia)

Registered author(s):

    Abstract

    The paper presents a mathematical model to improve our knowledge of information security and risk management in contemporaneous businesses and other organizations. In the world of permanent cyber-attacks to information systems the knowledge about risk management is becoming a crucial task for minimization of the potential risks that can endeavour their operation. Therefore, it requires good knowledge of information security. The prevention of the heavy losses that may happen due to cyber-attacks and other failures in an organization is usually associated with knowledge about appropriate investment in different security measures. With the rise of the potential risks from different cyber-attacks the investment in security services and data protection is growing and is becoming a serious economic issue to many organizations and enterprises. The paper presents a mathematical model for the optimal security-technology investment evaluation and decision-making processes based on the quantitative analysis of security risks and digital asset assessments in an enterprise. The model makes use of the quantitative analysis of different security measures that counteract individual risks by identifying the information system processes in an enterprise and the potential threats. The selection of security technology is based on the efficiency of selected security measures. Economic metrics are applied for the efficiency assessment and comparative analysis of different protection technologies. Unlike the existing models for evaluation of the security investment, the proposed model allows direct comparison and quantitative assessment of different security measures.

    Download Info

    If you experience problems downloading a file, check if you have the proper application to view it first. In case of further problems read the IDEAS help page. Note that these files are not on the IDEAS site. Please be patient as the files may be large.
    File URL: http://www.issbs.si/press/ISBN/978-961-6813-10-5/papers/ML12_067.pdf
    File Function: full text
    Download Restriction: no

    File URL: http://www.issbs.si/press/ISBN/978-961-6813-10-5/MakeLearn2012.pdf
    File Function: Conference Programme
    Download Restriction: no

    Bibliographic Info

    as in new window

    This chapter was published in: Rok Bojanc , , pages 267-275, 2012.

    This item is provided by International School for Social and Business Studies, Celje, Slovenia in its series Knowledge and Learning: Global Empowerment; Proceedings of the Management, Knowledge and Learning International Conference 2012 with number 267-275.

    Handle: RePEc:isv:mklp12:267-275

    Contact details of provider:
    Web page: http://www.issbs.si

    Related research

    Keywords: information technology management; modelling security technology; risk management;

    References

    No references listed on IDEAS
    You can help add them by filling out this form.

    Citations

    Lists

    This item is not listed on Wikipedia, on a reading list or among the top items on IDEAS.

    Statistics

    Access and download statistics

    Corrections

    When requesting a correction, please mention this item's handle: RePEc:isv:mklp12:267-275. See general information about how to correct material in RePEc.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (Goran Dakovic).

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If references are entirely missing, you can add them using this form.

    If the full references list an item that is present in RePEc, but the system did not link to it, you can help with this form.

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your profile, as there may be some citations waiting for confirmation.

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.