DocumentCode :
3493936
Title :
Towards an Optimal Information Security Investment Strategy
Author :
Wang, Zikai ; Song, Haitao
Author_Institution :
Shanghai Jiao Tong Univ., Shanghai
fYear :
2008
fDate :
6-8 April 2008
Firstpage :
756
Lastpage :
761
Abstract :
The growing number of defects in information systems and illegal invasions is pushing organizations worldwide to invest more in information security (IS). Security experts and IT specialists usually carry out security system infrastructure plans, while stakeholders often wonder whether their money is well spent and whether the risks to the information system are reduced to an acceptable level. This paper proposes an optimal IS investment strategy using a multi-object model: 1) minimize the opportunity cost of risks, which are indirectly quantified by the loss of confidentiality, integrity and availability; and 2) the investment return, or benefit, on security investment must be larger than the investment. The model transforms information risks into opportunity cost, measures the efficiency of security-related tools and policies by an impact factor, and then obtains the optimal investment strategy under several selectable constraints. A case study of a small company at the end demonstrates its validity. Stakeholders and IT managers can use this model to justify and measure whether their budget for information security is consistent with the expected risks.
Keywords :
information systems; investment; risk management; security of data; illegal invasion; information system; investment return; multiobject model; opportunity cost; optimal information security investment; risk; security system infrastructure plan; Companies; Computer crime; Computer security; Cost function; Information security; Information systems; Investments; Loss measurement; National security; Protection;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Networking, Sensing and Control, 2008. ICNSC 2008. IEEE International Conference on
Conference_Location :
Sanya
Print_ISBN :
978-1-4244-1685-1
Electronic_ISBN :
978-1-4244-1686-8
Type :
conf
DOI :
10.1109/ICNSC.2008.4525317
Filename :
4525317