Konferenzbeitrag
Return on Security Investments – Design Principles of Measurement Systems Based on Capital Budgeting
Lade...
Volltext URI
Dokumententyp
Text/Conference Paper
Dateien
Zusatzinformation
Datum
2007
Autor:innen
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Verlag
Gesellschaft für Informatik e. V.
Zusammenfassung
IT-security has become a vital factor in electronic commerce nowadays. Thus, investments have to be made in order to safeguard security. However, the benefits of these investments are often hardly visible. In most cases, such investments are made only retroactively, after incidents occur. It is necessary to measure the value before preventing incidents. For this purpose ROSI (Return on Security Investments) has gained enormous attention in research and practice. In this paper, we discuss this measure from a methodological perspective. We argue that existing approaches for calculating ROSI lack a sound methodological basis and that these approaches can be misleading for decision support. In contrast to these approaches, we suggest a new approach for the calculation of ROSI on a capital budgeting basis.