Value creation and return on security investments (ROSI)

IFIP International Federation for Information Processing

Volumn 232, Issue , 2007, Pages 25-35

  Magnusson, Christer ^a   Molvidsson, Josef ^a   Zetterqvist, Sven ^a  

^a STOCKHOLM UNIVERSITY   (Sweden)

Author keywords

[No Author keywords available]

Indexed keywords

BUSINESS SEGMENTS; IT SECURITY; PRODUCTIVITY PARADOX; SECURITY INVESTMENTS; SHAREHOLDER VALUES; VALUE CREATION;

INDUSTRY; SECURITY SYSTEMS; SHAREHOLDERS;

SECURITY OF DATA;

EID: 36248980334     PISSN: 15715736     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-72367-9_3     Document Type: Conference Paper

References (18)

1. T. Copeland, T. Koller, and J. Murrin, Valuation, Measuring and Managing the value of companies, second edition, McKinsey & Company, Inc. (John Wiley & Sons, Inc, 1995).
2. J. McTaggart, P. Kontes, M. Mankins, in: Shareholder Value, I. Cornelius and M. Davies (FT Financial Publishing, Pearson Professional Limited, London, 1997), p. 223.
3. C. Alberts and A. Dorofee, Managing Information Security Risks, The OCTAVE Approach, Carnegie Mellon Software Engineering Institute, USA (Addison Wesley, 2003).
4. A. Granova and J.H.P. Eloff, Who Carries The Risk? Proceedings of the 4TH Annual International Information Security South Africa conference, July 2004, (ISBN 1-86854-522-9).
5. B. V. Solms and R. V. Solms, The 10 deadly sins of information security management, in: Computers & Security, Vol.23 No 5 (ISSN 0167 -4048, 2004), pp. 371-376.
6. J.H.P. Eloff, Tactical level - an overview of the latest trends in risk analysis, certification, best practices and international standards. Information Security Architectures Workshop, Fribourg, Switzerland, February 2002.
7. P.A. David, The Dynamo and the Computer: An Historical Perspective on the Modern Productivity Paradox, (American Economic Review, 1990).
8. T. Falk and N-G. Olve, IT som strategisk resurs (Liber-Hermods, 1996).
9. K.J. Soo Hoo, How Much Is Enough? A Risk Management Approach to Computer Security, Ph.D. Thesis, University of Stanford, 2000.
10. H. Wei, D. Frinke, O. Carter, and C. Ritter Wei, Cost-Benefit Analysis for Network Intrusion Detection, Centre for Secure and Dependable Software, University of Idaho, Proceedings of the 28th Annual Computer Security Conference October, 2001.
11. K.J. Soo Hoo, A.W. Sudbury, A.R. Jaquith, Tangible ROI through Secure Software Engineering (Secure Business Quarterly, 4th Quarter 2001).
12. The CERT® Coordination Center (April 30, 2003); http://www.cert.org.
13. S.D. Moitra and S.L. Konda, A Simulation Model for Managing Survivability of Networked Information Systems, Technical Report CMU/ SEI-2000-TR-020, Carnegie Mellon Software Engineering Institute, 2000.
14. D.W. Straub and R.J. Welke, Coping With Systems Risk: Security Planning Models for Management Decision Making (MIS Quarterly, December 1998).
15. J. Sherwood, A. Clark, A, and D. Lynas., Enterprise Security Architecture: A business driven approach (CMP Books, USA, 2005).
16. M. K. Nalla, K. Christian, M. Morash, and P. Schram, Practitioners' perceptions of graduate curriculum in security education (Security Journal, 6, 1995), pp. 93-99.
17. I. O. Angell, Computer security in these uncertain times: The need for a new approach. Proceedings of the Tent World Conference on Computer Security, Audit and Control, COMPSEC, London, UK, 1993, pp. 382-388.
18. Eleventh Annual CSI/FBI Computer Crime and Security Survey, Computer Security Institute, 2006; www.gocsi.com.