Quantitative Model for Information Security Risk Management
Rok Bojanc
Rok Bojanc: ZZI d.o.o., Slovenia
from International School for Social and Business Studies, Celje, Slovenia
Abstract:
The paper presents a mathematical model to improve our knowledge of information security and risk management in contemporary businesses and other organizations. In a world of permanent cyber-attacks on information systems, knowledge of risk management is becoming crucial for minimizing the potential risks that can endanger their operation. It therefore requires good knowledge of information security. Preventing the heavy losses that may result from cyber-attacks and other failures in an organization is usually associated with knowledge about appropriate investment in different security measures. With the rise of potential risks from different cyber-attacks, investment in security services and data protection is growing and is becoming a serious economic issue for many organizations and enterprises. The paper presents a mathematical model for optimal security-technology investment evaluation and decision-making, based on quantitative analysis of security risks and digital asset assessments in an enterprise. The model makes use of quantitative analysis of different security measures that counteract individual risks by identifying the information system processes in an enterprise and the potential threats. The selection of security technology is based on the efficiency of selected security measures. Economic metrics are applied for the efficiency assessment and comparative analysis of different protection technologies. Unlike existing models for evaluating security investment, the proposed model allows direct comparison and quantitative assessment of different security measures.
Keywords: information technology management; modelling security technology; risk management
Date: 2012
Downloads:
http://www.issbs.si/press/ISBN/978-961-6813-10-5/papers/ML12_067.pdf full text (application/pdf)
http://www.issbs.si/press/ISBN/978-961-6813-10-5/MakeLearn2012.pdf Conference Programme (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:isv:mklp12:267-275
More chapters in Knowledge and Learning: Global Empowerment; Proceedings of the Management, Knowledge and Learning International Conference 2012 from International School for Social and Business Studies, Celje, Slovenia
Bibliographic data for series maintained by Alen Ježovnik.