Title
Conceptual Design of a Method to Support IS Security Investment Decisions
Abstract
Information Systems are part and parcel of critical infrastructures. In order to safeguard compliance of information systems, private enterprises and governmental organizations can implement a large variety of distinct measures, ranging from technical measures (e.g. the employment of a firewall) to organizational measures (e.g. the implementation of a security awareness management). The realization of such measures requires investments with an uncertain prospective return that can hardly be determined. An appropriate method for the profitability assessment of alternative IS security measures has not been developed so far. With this article we propose a conceptual design for a method that enables the determination of the success of alternative security investments on the basis of a process-oriented perspective. Within a design science approach we combine established artifacts of the field of IS security management with those of the field of process management and controlling. On that basis we develop a concept that allows decision-makers to prioritize the investments for dedicated IS security measures.
Year: 2008
DOI: 10.1007/978-3-540-78942-0_43
Venue: Lecture Notes in Business Information Processing
Keywords: security metrics, ROSI, IT-risk management, IT-compliance
Field: Information system, Conceptual design, Security awareness, Computer science, Decision support system, Knowledge management, Risk analysis (engineering), Information security management, Profitability index, Design science, IT risk management
DocType: Conference
Volume: 5
ISSN: 1865-1348
Citations: 0
PageRank: 0.34
References: 23
Authors: 3
Name | Order | Citations | PageRank
Heinz Lothar Grob | 1 | 13 | 5.58
Gereon Strauch | 2 | 8 | 3.08
Christian Buddendick | 3 | 18 | 6.68