
2009 | OriginalPaper | Chapter

4. BORIS – Business ORiented management of Information Security

Authors : Sebastian Sowa, Lampros Tsinas, Roland Gabriel

Published in: Managing Information Risk and the Economics of Security

Publisher: Springer US


Abstract

This chapter addresses the needs of information security functions by providing a management tool that links business objectives with information security objectives. In recent years information security has become a top management topic, because the dependence of overall business success on secure information and on secure information processing technologies has been recognised as steadily increasing. Information security management has traditionally focused on implementing solutions that assure the enterprise's security objectives and on managing those solutions; business-oriented management objectives were typically not treated as a major concern. Today, information security management executives face a different situation: growing pressure forces them to manage security measures not only from a security perspective but also from a business perspective. To handle this challenge, the chapter presents a framework that supports information security functions with a strong economic focus by explicitly linking business and information security objectives. The core of the methodology has proven reliable, user friendly, consistent and precise under real conditions over several years.


Metadata
Title
BORIS – Business ORiented management of Information Security
Authors
Sebastian Sowa
Lampros Tsinas
Roland Gabriel
Copyright Year
2009
Publisher
Springer US
DOI
https://doi.org/10.1007/978-0-387-09762-6_4