DOI: 10.5555/1400549.1400590
research-article

The importance of information security spending: an economic approach

Published: 14 April 2008

Abstract

Information security is a growing concern for today's businesses, though it does not always get enough attention. One problem is justifying the budget necessary to properly protect information systems. This paper explores why information security should be a priority for businesses and deals with how a security expert can model potential losses for their organization. There is no silver bullet for modeling security risks, so this paper discusses various methods that professionals can use as guidelines for making well-informed decisions. Not all losses can be modeled correctly, and for this reason they may be overlooked or improperly understood by an organization. Non-financial losses, such as the potential for stock devaluation due to damaged reputations, are also explored.

Cited By

  • (2015) Information security risk management in computer networks based on fuzzy logic and cost/benefit ratio estimation. Proceedings of the 8th International Conference on Security of Information and Networks. 10.1145/2799979.2800022 (8-11). Online publication date: 8-Sep-2015
  • (2009) Building a better password. Proceedings of the 2009 IEEE international conference on Intelligence and security informatics. 10.5555/1706428.1706448 (113-118). Online publication date: 8-Jun-2009

Published In

SpringSim '08: Proceedings of the 2008 Spring simulation multiconference
April 2008
880 pages
ISBN: 1565553195

Publisher

Society for Computer Simulation International

San Diego, CA, United States

Author Tags

  1. cost-benefit ratio
  2. intensities
  3. stochastic

Qualifiers

  • Research-article

Conference

SCS SSM'08
Sponsor:
SCS SSM'08: Spring Simulation Multiconference
April 14 - 17, 2008
Ottawa, Canada

Article Metrics

  • Downloads (Last 12 months): 8
  • Downloads (Last 6 weeks): 0
Reflects downloads up to 15 Feb 2025
