Identifying the Cost of Security

W. Bruijn, de, M.R. Spruit, M. Heuvel, van der

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

    Abstract

    Organizations know that investing in security measures is an important requirement for doing business. But how much should they invest and how should those investments be directed? Many organizations have turned to a risk management approach to identify the largest threats and the control measures that could mitigate those threats. These papers present a framework to help in an analysis of the costs and benefits of control measures. Based on a study of five distinct security areas – Identity Management, Network Access Control, Intrusion Detection Systems, Business Continuity Management and Data Loss Prevention – cost factors are identified for IT security, and whether a quantitative or qualitative approach should be taken for each cost factor. This study finds that even though quantification methods are useful, organizations should not put their trust in such methods alone in the decision-making process for security measures.
    Original language: Undefined/Unknown
    Title of host publication: Proceedings of the AIS SIGSEC Workshop on Information Security & Privacy (WISP 2008)
    Publication status: Published - 13 Dec 2008
