
2009 | OriginalPaper | Book chapter

6. Communicating the Economic Value of Security Investments: Value at Security Risk

Written by: Rolf Hulthén

Published in: Managing Information Risk and the Economics of Security

Publisher: Springer US


Abstract

The information and data security communities and their individual practitioners have long experienced the pedagogical difficulties in communicating to management or funding bodies the importance and relevance of sufficient investments in information and data security.
One reason for this pedagogical failure is that the highly specialized security domain is difficult to penetrate for the average manager with a background in business administration or economics. Consequently, the entities and metrics used by the security community to evaluate security risks and their consequences usually tell very little to people involved in security investment decisions.
Historically, Return on Investment (RoI) has been used for this purpose. However, RoI is not an ideal entity to use, since it generates misunderstanding and misinterpretation. Companies and enterprises already have tools, methods and metrics to express risk levels and their economic consequences: we refer to Value-at-Risk and Value-at-Risk-type metrics.
This contribution transforms or transfers entities and metrics used by the information and data security communities into Value-at-Risk-type entities and metrics. This will allow management to understand, compare and evaluate security risks and their economic consequences with risks generated by other sources, strategies or investment decisions and give management a firmer and more rational basis for security investment decisions.

Metadata
Title
Communicating the Economic Value of Security Investments: Value at Security Risk
Written by
Rolf Hulthén
Copyright year
2009
Publisher
Springer US
DOI
https://doi.org/10.1007/978-0-387-09762-6_6