Title :
On the Singularity of Valuating IT Security Investments
Author :
Neubauer, Thomas ; Hartl, Christian
Author_Institution :
Secure Bus. Austria, Vienna, Austria
Abstract :
Companies spend considerable amounts of resources on minimizing security breaches but often neglect to implement efficient ones and are not aware whether their investments are effective. Literature provides many approaches aiming to define the value of IT security investments but often can not fulfill the expectation of decision makers in practice, e.g. due to lacking support for considering multiple objectives, business issues or a variety of investment alternatives. This paper identifies criteria for proper IT security evaluation methods from literature and evaluates some selected methods in order to show their applicability in practice. A focus of this evaluation lies on the comparison to methods for IT investment evaluation, in order to answer the question what the difference of evaluating IT investments and IT security investments is.
Keywords :
investment; security of data; IT investment evaluation; IT security evaluation; IT security investment; security breaches; Companies; Computer security; Cost accounting; Cost benefit analysis; Decision support systems; IEEE news; Information science; Information security; Investments; Remotely operated vehicles; Economics; Security; Valuation;
Conference_Titel :
Computer and Information Science, 2009. ICIS 2009. Eighth IEEE/ACIS International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3641-5
DOI :
10.1109/ICIS.2009.90