CITS
Author: | Marco Spruit, Wouter de Bruijn |
---|---|
Publication year: | 2012 |
Subject: | |
Source: | International Journal of Information Security and Privacy. 6:94-116 |
ISSN: | 1930-1669 1930-1650 |
DOI: | 10.4018/jisp.2012100105 |
Description: | Organizations know that investing in security measures is an important requirement for doing business. But how much should they invest and how should those investments be directed? Many organizations have turned to a risk management approach to identify the largest threats and the control measures that could help mitigate those threats. This research presents the Cost of IT Security (CITS) Framework to support analysis of the costs and benefits of those control measures. This analysis can be performed by using either quantification methods or by using a qualitative approach. Based on a study of five distinct security areas–Identity Management, Network Access Control, Intrusion Detection Systems, Business Continuity Management and Data Loss Prevention–nine cost factors are identified for IT security, and for only five of those nine a quantitative approach is feasible for the cost factor. This study finds that even though quantification methods are useful, organizations that wish to use those should do this together with more qualitative approaches in the decision-making process for security measures. |
Database: | OpenAIRE |