Business process-based valuation of IT-security

7th International Workshop on Economics-Driven Software Engineering Research, EDSER 2005 - International Conference on Software Engineering 2005

Volumn , Issue , 2005, Pages

  Neubauer, Thomas ^a   Klemen, Markus ^a   Biffl, Stefan ^a  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

Author keywords

Business process management; Valuation of secure business processes; Value based security

Indexed keywords

ADMINISTRATIVE DATA PROCESSING; COST BENEFIT ANALYSIS; ENGINEERING RESEARCH; ENTERPRISE RESOURCE MANAGEMENT; SECURITY OF DATA; SOFTWARE DESIGN;

BUSINESS ENVIRONMENTS; BUSINESS INTEGRATION; BUSINESS PROCESS; BUSINESS PROCESS MANAGEMENT; CONTINUOUS MONITORING; SECURITY MEASURE; SECURITY PROBLEMS; VALUE-BASED;

SOFTWARE ENGINEERING;

EID: 84994725444     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1083091.1083099     Document Type: Conference Paper

References (21)

1. Avizienis, Algirdas; et.al.: Basic Concepts and Taxonomy of Dependable and Secure Computing; IEEE Transactions on dependable and secure computing, Vol. 1, No. 1; 2004.
2. BOC: www.boc-eu.com
3. Butler, Shawn A.: Security Attribute Evaluation Method; ACM ICSE; 2002.
4. Campbell, Katherine; Lawrence A. Gordon, Martin P. Loeb, and Lei Zhou, "The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence From the Stock Market", Journal of Computer Security, vol. 11, issue 3, 2003, pp. 431-448.
5. Clarke, R. Computer matching by government agencies: The failure of cost/benefit analysis as a control mechanism. Information Infrastructure and Policy 4; 1995.
6. Cobit has been developed and is maintained by the Information Systems Audit and Control Association (IACSA) - http://www.iacsa.org.
7. Ettredge, Michael; Vernon J. Richardson: Assessing the Risk in E-Commerce; Proceedings of the 35th Hawaii International Conference on System Sciences - 2002.
8. Federal Information Processing Standards. Guideline for the Analysis of Local Area Network Security. National Institute of Standards and Technology, FIPS PUB 191, Nov. 1994.
9. Federal Office for Information Security (Germany) (BSI) http://www.bsi.de/english/index.htm.
10. IDS Scheer: www.ids-scheer.de
11. Kurrek, H.: SMM - Assessing a Company's IT-Security In: ERCIM News, 2002, Nr. 49.
12. Löffler, Helge; Markus Oman: IT-Survey 2004; KPMG Austria (Innsbruck-Linz).
13. Mercuri, Rebecca T.: Analyzing Security Costs; Communications of the ACM; June 2003/Vol. 46, No. 6.
14. Murine, G. E. and Carpenter, C. L. (1984), "Measuring computer system security using software security metrics", in Finch, J. H. and Dougall, E. G. (Eds), Computer Security: A Global Challenge, Elsevier Science Publisher, Barking.
15. National Institute of Standards and Technologies; 1979 FIPS publication (#65).
16. Oesterle, H.: Business in the Information Age. Heading for New Processes. Springer, Berlin/Heidelberg; 1995.
17. SooHoo, K., How Much is enough? A Risk-Management Approach to Computer Security, Consortium for Research on Information Security and Policy (CRISP), June 2000.
18. SSE-CMM (1998), The Model, v2.0, www.sse-cmm.org.
19. Stacey, T. R. (1996), Information security program maturity grid, Information Systems Security, Vol. 5 No. 2.
20. The ISO 17799 directory can be found at http://www.iso-17799.com.
21. Thompson M.: Benefit-Cost Analysis for Program Evaluation; Sage, 1980.