IDEAS home Printed from https://ideas.repec.org/h/isv/mklp12/267-275.html
   My bibliography  Save this book chapter

Quantitative Model for Information Security Risk Management

Author

Listed:
  • Rok Bojanc

    (ZZI d.o.o., Slovenia)

Abstract

The paper presents a mathematical model to improve our knowledge of information security and risk management in contemporaneous businesses and other organizations. In the world of permanent cyber-attacks to information systems the knowledge about risk management is becoming a crucial task for minimization of the potential risks that can endeavour their operation. Therefore, it requires good knowledge of information security. The prevention of the heavy losses that may happen due to cyber-attacks and other failures in an organization is usually associated with knowledge about appropriate investment in different security measures. With the rise of the potential risks from different cyber-attacks the investment in security services and data protection is growing and is becoming a serious economic issue to many organizations and enterprises. The paper presents a mathematical model for the optimal security-technology investment evaluation and decision-making processes based on the quantitative analysis of security risks and digital asset assessments in an enterprise. The model makes use of the quantitative analysis of different security measures that counteract individual risks by identifying the information system processes in an enterprise and the potential threats. The selection of security technology is based on the efficiency of selected security measures. Economic metrics are applied for the efficiency assessment and comparative analysis of different protection technologies. Unlike the existing models for evaluation of the security investment, the proposed model allows direct comparison and quantitative assessment of different security measures.

Suggested Citation

  • Rok Bojanc, 2012. "Quantitative Model for Information Security Risk Management," Knowledge and Learning: Global Empowerment; Proceedings of the Management, Knowledge and Learning International Conference 2012,, International School for Social and Business Studies, Celje, Slovenia.
    • Handle: RePEc:isv:mklp12:267-275
    as

    Download full text from publisher

    File URL: http://www.issbs.si/press/ISBN/978-961-6813-10-5/papers/ML12_067.pdf
    File Function: full text
    Download Restriction: no
    File URL: http://www.issbs.si/press/ISBN/978-961-6813-10-5/MakeLearn2012.pdf
    File Function: Conference Programme
    Download Restriction: no
    ---><---

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:isv:mklp12:267-275. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Alen Ježovnik (email available below). General contact details of provider: http://www.issbs.si .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.