Abstract |
---|
Information systems are part and parcel of critical infrastructures. To safeguard the compliance of information systems, private enterprises and governmental organizations can implement a large variety of distinct measures, ranging from technical measures (e.g. the deployment of a firewall) to organizational measures (e.g. the introduction of security awareness management). The realization of such measures requires investments whose prospective return is uncertain and can hardly be determined. An appropriate method for the profitability assessment of alternative IS security measures has not been developed so far. In this article we propose a conceptual design for a method that enables the determination of the success of alternative security investments from a process-oriented perspective. Within a design science approach we combine established artifacts from the field of IS security management with those from the fields of process management and controlling. On that basis we develop a concept that allows decision-makers to prioritize investments in dedicated IS security measures. |
Year | DOI | Venue |
---|---|---|
2008 | 10.1007/978-3-540-78942-0_43 | Lecture Notes in Business Information Processing |
Keywords | Field | DocType |
---|---|---|
security metrics, ROSI, IT-risk management, IT-compliance | Information system, Conceptual design, Security awareness, Computer science, Decision support system, Knowledge management, Risk analysis (engineering), Information security management, Profitability index, Design science, IT risk management | Conference |
Volume | ISSN | Citations |
---|---|---|
5 | 1865-1348 | 0 |
PageRank | References | Authors |
---|---|---|
0.34 | 23 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Heinz Lothar Grob | 1 | 13 | 5.58 |
Gereon Strauch | 2 | 8 | 3.08 |
Christian Buddendick | 3 | 18 | 6.68 |