Tuesday, 9 September 2008

An economic modelling approach to information security risk management

an article by Rok Bojanca and Borka Jerman-Blažič (Faculty of Economics, Ljubljana University and Jožef Stefan Institute, Slovenia) in International Journal of Business Science and Applied Management Volume 3 Issue 3 (2008)

Abstract
This paper presents an approach enabling economic modelling of information security risk management in contemporaneous businesses and other organisations. In the world of permanent cyber attacks to ICT systems, risk management is becoming a crucial task for minimisation of the potential risks that can endeavour their operation. The prevention of the heavy losses that may happen due to cyber attacks and other information system failures in an organisation is usually associated with continuous investment in different security measures and purchase of data protection systems. With the rise of the potential risks the investment in security services and data protection is growing and is becoming a serious economic issue to many organisations and enterprises. This paper analyses several approaches enabling assessment of the necessary investment in security technology from the economic point of view. The paper introduces methods for identification of the assets, the threats, the vulnerabilities of the ICT systems and proposes a procedure that enables selection of the optimal investment of the necessary security technology based on the quantification of the values of the protected systems. The possibility of using the approach for an external insurance based on the quantified risk analyses is also provided.


No comments: