Identifying the Business Value of Information Security-Reference-Cited by-同舟云学术

Identifying the Business Value of Information Security

Published: Issue: Volume: Page:1056-1079
ISSN:
Container-title:Banking, Finance, and Accounting
language:
Short-container-title:

Author:

Cardholm Lucas¹

Affiliation:

1. Coromatic Group, Sweden

Abstract

Management may see information security as an inhibitor to daily operations if the investment is not well aligned with current business activities or is presented in financial terms not relevant to their agenda. While this chapter shows that information security improvements create bottom-line business benefits, there is still a need for security managers to focus on quantifying those benefits in relevant financial terms. The purpose is to demystify the principles of general investment processes and criteria for calculating the benefits and costs of investments while accentuating alignment to the imperatives of the organization that makes the investment. As information security investments are assessed alongside other investment projects, it helps to consider them on an equal footing, implying the use of similar, and ideally the same, methods of financial cost projection. It is equally important to position and present the proposed investment in a relevant business context.

Publisher

IGI Global

Reference21 articles.

1. Anderson, R., Böhme, R., Clayton, R., & Moore, T. (2009). Security economics and European policy. In Proceedings of ISSE 2008 Securing Electronic Business Processes, (pp. 57-76). ISSE.

2. Cardholm, L. (2006). Adding value to business performance through cost benefit analyses of information security investments. (MBA Thesis in Marketing). University of Gävle.

3. Demetz, L., & Bachlechner, D. (2012). To invest or not to invest? Assessing the economic viability of a policy and security configuration management tool. Paper presented at 11th Annual Workshop on the Economics of Information Security (WEIS 2012). Berlin, Germany.

4. ENISA. (2008). Obtaining support and funding from senior management while planning an awareness initiative. Retrieved January 20, 2013, from http://www.enisa.europa.eu/

5. Ernst & Young. (2012a). Fighting to close the gap – Ernst & Young’s 2012 global information security survey. Retrieved December 19, 2012, from http://www.ey.com/

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Evaluating the threat to national information security;Problems and Perspectives in Management;2020-09-09