Methods on determining the investment in IT security

Analyzing Security, Trust, and Crime in the Digital World

Volumn , Issue , 2013, Pages 22-34

  Eisenga, Amanda ^a   Rodriguez, Walter ^a   Jones, Travis ^a  

^a FLORIDA GULF COAST UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EARNINGS; SECURITY OF DATA; SECURITY SYSTEMS;

APPROPRIATE INVESTMENT; DIGITAL AGE; IT INFRASTRUCTURES; IT SECURITY; RATE OF RETURN;

INVESTMENTS;

EID: 84957026225     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.4018/978-1-4666-4856-2.ch002     Document Type: Chapter

References (22)

1. Anderson, R. (2001). Why information security is hard-an economic perspective. Cambridge, UK: University of Cambridge Computer Laboratory. doi:10.1109/ACSAC.2001.991552.
2. Applegate, L. M., Austin, R. D., & Soule, D. L. (2009). Corporate information strategy and management: Texts and cases (8th ed.). New York: McGraw-Hill Companies, Inc.
3. Baskerville, R. (1993). Information systems security design methods: Implications for information systems development. ACM Computing Surveys. doi:10.1145/162124.162127.
4. Bistarelli, S., Fioravanti, F., & Peretti, P. (2006). Defense trees for economic evaluation of security investments. Dipartimento di Scienze, Universita degli, Studi g. d'Annunzio. D.O.I.
5. Bodin, L., Gordon, L. A., & Loeb, M. P. (2008). Information security and risk management. Communications of the ACM, 51(4), 64-68. doi:10.1145/1330311.1330325.
6. Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). A model for evaluating IT security investments. Communications of the ACM. doi:10.1145/1005817.1005828.
7. Froude, J. (2010). How to choose a firewall. Retrieved from http://www.inc.com/ss/how-choosefirewall#5.
8. Garg, A. G., Curtis, J., & Halper, H. (2003). Quantifying the financial impact of of IT security breaches. Information Management & Computer Security, 74-84. doi:10.1108/09685220310468646.
9. Gordon, L. A., & Loeb, M. P. (2006). Budgeting process for information security expenditures: Empirical evidence. Communications of the ACM, 49(1), 121-125. doi:10.1145/1107458.1107465.
10. Hartman, J. C., & Schafrick, I. C. (2004). The relevant internal rate of return. The Engineering Economist, 49(2), 139-158. doi:10.1080/00137910490453419.
11. Horngren, C. T., Datar, S. M., Foster, G., Rajan, M., & Ittner, C. (2009). Cost accounting: A mangerial emphasis (13th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.
12. Kaplan, R.S., & Norton, D.P. (1992, January-February). The balanced scorecard-measures that drive performance. HBR onPoint.
13. Kaplan, R. S., & Norton, D. P. (1993, September-October). Putting the balanced scorecard to work. Harvard Business Review.
14. Mercuri, R. T. (2002). Analyzing security costs. Communications of the ACM. PMID:12238525.
15. Olavsrud, T. (2012). Cost of data breaches declines. CIO. Retrieved from http://www.cio.com/article/702494/Cost_of_Data_Breaches_Declines?page=2&taxonomyId=3154.
16. Ponemon Institute. LLC. (2010). 2009 annual study: Cost of a data breach understanding financial impact, customer turnover, and preventive solutions. Ponemon Institute LLC. Retrieved from http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/US_Ponemon_CODB_09_012209_sec.pdf.
17. Ponemon Institute. LLC. (2011). 2010 annual study: U.S. cost of a data breach compliance pressures, cyber attacks targeting sensitive data drive leading IT organizations to respond quickly and pay more. Ponemon Institute LLC. Retrieved from http://www.symantec.com/content/en/us/about/media/pdfs/symantec_ponemon_data_breach_costs_report.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2011Mar_worldwide_costofdatabreach.
18. Ross, S. (1995). Uses, abuses, and alternatives to the net-present-value rule. Financial Management, 24(3), 96-102. doi:10.2307/3665561.
19. Ross, S., Westerfield, R., & Jordan, B. (2009). Fundamentals of corporate finance (9th ed.). New York: McGraw-Hill Irwin.
20. Sonnenreich, W., Albanese, J., & Stout, B. (2006). Return on security investment (ROSI)- A practical quantitative method. Journal of Research and Practice in Information Technology.
21. Stoneburner, G., Goguen, A., & Feringa, A. (2002). NIST: National institute of standards and technology. Retrieved November 10, 2011, from http://ibexsecurity.com/cissp/NIST%20Security%20Guides/sp800-30.pdf.
22. Tallau, L. J., Gupta, M., & Sharman, R. (2010). Information security investment decisions: Evaluating the balanced scorecard method. Int. J. Business Information Systems, 5(1), 34-57. doi:10.1504/IJBIS.2010.029479.