Return on Security Investments – Design Principles of Measurement Systems Based on Capital Budgeting
Abstract
IT-security has become a vital factor in electronic commerce nowadays. Thus, investments have to be made in order to safeguard security. However, the benefits of these investments are often hardly visible. In most cases, such investments are made only retroactively, after incidents occur. It is necessary to measure the value before preventing incidents. For this purpose ROSI (Return on Security Investments) has gained enormous attention in research and practice. In this paper, we discuss this measure from a methodological perspective. We argue that existing approaches for calculating ROSI lack a sound methodological basis and that these approaches can be misleading for decision support. In contrast to these approaches, we suggest a new approach for the calculation of ROSI on a capital budgeting basis.
- Citation
- BibTeX
Brocke, J. v., Strauch, G. & Buddendick, C.,
(2007).
Return on Security Investments – Design Principles of Measurement Systems Based on Capital Budgeting.
In:
Mayr, H. C. & Karagiannis, D.
(Hrsg.),
Information systems technology and its applications – 6th international conference – ISTA 2007.
Bonn:
Gesellschaft für Informatik e. V..
(S. 21-32).
@inproceedings{mci/Brocke2007,
author = {Brocke, Jan vom AND Strauch, Gereon AND Buddendick, Christian},
title = {Return on Security Investments – Design Principles of Measurement Systems Based on Capital Budgeting},
booktitle = {Information systems technology and its applications – 6th international conference – ISTA 2007},
year = {2007},
editor = {Mayr, Heinrich C. AND Karagiannis, Dimitris} ,
pages = { 21-32 },
publisher = {Gesellschaft für Informatik e. V.},
address = {Bonn}
}
author = {Brocke, Jan vom AND Strauch, Gereon AND Buddendick, Christian},
title = {Return on Security Investments – Design Principles of Measurement Systems Based on Capital Budgeting},
booktitle = {Information systems technology and its applications – 6th international conference – ISTA 2007},
year = {2007},
editor = {Mayr, Heinrich C. AND Karagiannis, Dimitris} ,
pages = { 21-32 },
publisher = {Gesellschaft für Informatik e. V.},
address = {Bonn}
}
Haben Sie fehlerhafte Angaben entdeckt? Sagen Sie uns Bescheid: Send Feedback
More Info
ISBN: 978-3-88579-2017
ISSN: 1617-5468
xmlui.MetaDataDisplay.field.date: 2007
Language:
(en)

Content Type: Text/Conference Paper