Towards an Optimal Information Security Investment Strategy

2 Author(s)
Zikai Wang ; Shanghai Jiao Tong Univ., Shanghai ; Haitao Song

The growing number of defects in information systems and of illegal intrusions is pushing organizations worldwide to invest more in information security (IS). Security experts and IT specialists usually carry out security system infrastructure plans, while stakeholders often wonder whether their money is well spent and whether the risks to the information system are reduced to an acceptable level. This paper proposes an optimal IS investment strategy using a multi-objective model: 1) minimize the opportunity cost of risks, which are indirectly quantified by the loss of confidentiality, integrity and availability; and 2) the investment return, or benefit, on security investment must be larger than the investment. The model transforms the risks to information into opportunity cost, measures the efficiency of security-related tools and policies by an impact factor, and then derives the optimal investment strategy under several selectable constraints. A case study of a small company at the end demonstrates the model's validity. Stakeholders and IT managers can use this model to justify and measure whether their budget for information security is consistent with the expected risks.

Published in:

Networking, Sensing and Control, 2008. ICNSC 2008. IEEE International Conference on

Date of Conference:

6-8 April 2008
