Quantitative Model for Information Security Risk Management
The paper presents a mathematical model to improve our knowledge of information security and risk management in contemporaneous businesses and other organizations. In the world of permanent cyber-attacks to information systems the knowledge about risk management is becoming a crucial task for minimization of the potential risks that can endeavour their operation. Therefore, it requires good knowledge of information security. The prevention of the heavy losses that may happen due to cyber-attacks and other failures in an organization is usually associated with knowledge about appropriate investment in different security measures. With the rise of the potential risks from different cyber-attacks the investment in security services and data protection is growing and is becoming a serious economic issue to many organizations and enterprises. The paper presents a mathematical model for the optimal security-technology investment evaluation and decision-making processes based on the quantitative analysis of security risks and digital asset assessments in an enterprise. The model makes use of the quantitative analysis of different security measures that counteract individual risks by identifying the information system processes in an enterprise and the potential threats. The selection of security technology is based on the efficiency of selected security measures. Economic metrics are applied for the efficiency assessment and comparative analysis of different protection technologies. Unlike the existing models for evaluation of the security investment, the proposed model allows direct comparison and quantitative assessment of different security measures.
|This chapter was published in: Rok Bojanc , , pages 267-275, 2012.|
|This item is provided by International School for Social and Business Studies, Celje, Slovenia in its series Knowledge and Learning: Global Empowerment; Proceedings of the Management, Knowledge and Learning International Conference 2012 with number 267-275.|
|Contact details of provider:|| Web page: http://www.issbs.si|
When requesting a correction, please mention this item's handle: RePEc:isv:mklp12:267-275. See general information about how to correct material in RePEc.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: (Alen Ježovnik)
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
If references are entirely missing, you can add them using this form.
If the full references list an item that is present in RePEc, but the system did not link to it, you can help with this form.
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your profile, as there may be some citations waiting for confirmation.
Please note that corrections may take a couple of weeks to filter through the various RePEc services.