 CITS: The Cost of IT Security FrameworkMarco Spruit and
Wouter de Bruijn
International Journal of Information Security and Privacy (IJISP), 2012, vol. 6, issue 4, 94-116 Abstract: Organizations know that investing in security measures is an important requirement for doing business. But how much should they invest and how should those investments be directed? Many organizations have turned to a risk management approach to identify the largest threats and the control measures that could help mitigate those threats. This research presents the Cost of IT Security (CITS) Framework to support analysis of the costs and benefits of those control measures. This analysis can be performed by using either quantification methods or by using a qualitative approach. Based on a study of five distinct security areas–Identity Management, Network Access Control, Intrusion Detection Systems, Business Continuity Management and Data Loss Prevention–nine cost factors are identified for IT security, and for only five of those nine a quantitative approach is feasible for the cost factor. This study finds that even though quantification methods are useful, organizations that wish to use those should do this together with more qualitative approaches in the decision-making process for security measures. Date: 2012 Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:igg:jisp00:v:6:y:2012:i:4:p:94-116 Access Statistics for this article International Journal of Information Security and Privacy (IJISP) is currently edited by Yassine Maleh More articles in International Journal of Information Security and Privacy (IJISP) from IGI Global |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.