Cybersecurity Economic Issues: Clearing the Path to Good Practice

2 Author(s)
Pfleeger, Shari Lawrence ; Rand Corp., Arlington ; Rue, R.

Software project managers have limited project resources. Requests for security improvements must compete with other requests, such as for new tools, more staff, or additional testing. Deciding how and whether to invest in cybersecurity protection requires knowing the answer to at least two questions: What is the likelihood of an attack, and what are its likely consequences? Security analysts understand a system's vulnerability to potential cyberattacks fairly well, but to date, research on the economic consequences of cyberattacks has been limited, dealing primarily with microanalyses of attacks' direct impacts on a particular organization. Many managers recognize the significant potential of a cyberattack's effects to cascade from one computer or business system to another, but there have been no significant efforts to develop a methodology to account for both direct and indirect costs. Without such a methodology, project managers and their organizations are hard pressed to make informed decisions about how much to invest in cybersecurity and how to ensure that security resources are used effectively. In this article, we explore how others have sought answers to our two questions. We describe the data available to inform decisions about investing in cybersecurity and look at research models of the trade-offs between investment and protection. The framework we present can help project managers find appropriate models with credible data so that they can make effective security decisions.

Published in:

Software, IEEE (Volume: 25, Issue: 1)