We live in an unsafe world in which we encounter threats against our safety and security every day. This is especially true in the information processing environment. Managements are engaging and facing difficult problems to manage information security issues. One of the most brain-teasing management issues is "How they could make a decision on security-related investment to maximize the economic balance?" To solve this problem the ROI of security investments must be measured and managed. This paper provides the integrated methodology which consists of a process model and analysis criteria of cost factors and benefit factors to support an economic justification of security investments. Also, a case study is provided to show practicality of this methodology. © Springer-Verlag Berlin Heidelberg 2005.
CITATION STYLE
Kim, S., & Lee, H. J. (2005). Cost-benefit analysis of security investments: Methodology and case study. In Lecture Notes in Computer Science (Vol. 3482, pp. 1239–1248). Springer Verlag. https://doi.org/10.1007/11424857_132
Mendeley helps you to discover research relevant for your work.