Quantitative Model for Information Security Risk Management
Additional contact information
Rok Bojanc: ZZI d.o.o., Slovenia
from International School for Social and Business Studies, Celje, Slovenia
The paper presents a mathematical model to improve our knowledge of information security and risk management in contemporaneous businesses and other organizations. In the world of permanent cyber-attacks to information systems the knowledge about risk management is becoming a crucial task for minimization of the potential risks that can endeavour their operation. Therefore, it requires good knowledge of information security. The prevention of the heavy losses that may happen due to cyber-attacks and other failures in an organization is usually associated with knowledge about appropriate investment in different security measures. With the rise of the potential risks from different cyber-attacks the investment in security services and data protection is growing and is becoming a serious economic issue to many organizations and enterprises. The paper presents a mathematical model for the optimal security-technology investment evaluation and decision-making processes based on the quantitative analysis of security risks and digital asset assessments in an enterprise. The model makes use of the quantitative analysis of different security measures that counteract individual risks by identifying the information system processes in an enterprise and the potential threats. The selection of security technology is based on the efficiency of selected security measures. Economic metrics are applied for the efficiency assessment and comparative analysis of different protection technologies. Unlike the existing models for evaluation of the security investment, the proposed model allows direct comparison and quantitative assessment of different security measures.
Keywords: information technology management; modelling security technology; risk management (search for similar items in EconPapers)
References: Add references at CitEc
Citations: Track citations by RSS feed
Downloads: (external link)
http://www.issbs.si/press/ISBN/978-961-6813-10-5/papers/ML12_067.pdf full text (application/pdf)
http://www.issbs.si/press/ISBN/978-961-6813-10-5/MakeLearn2012.pdf Conference Programme (application/pdf)
This item may be available elsewhere in EconPapers: Search for items with the same title.
Export reference: BibTeX
RIS (EndNote, ProCite, RefMan)
Persistent link: https://EconPapers.repec.org/RePEc:isv:mklp12:267-275
Access Statistics for this chapter
More chapters in Knowledge and Learning: Global Empowerment; Proceedings of the Management, Knowledge and Learning International Conference 2012 from International School for Social and Business Studies, Celje, Slovenia
Bibliographic data for series maintained by Alen Ježovnik ().