Optimal Investment in Information Security: A Business Value Approach
نویسنده
چکیده
With increasing level of security threats and constant budget limitations, it is critical for a company to know how much and where to invest in information security. To date, all of the studies—academia or practitioner—focus on risk reduction as the primary effect of security investments, assuming that they generate no direct business benefits. However, some potential business values such as brand reputation and data stability are not only real but also quite important. This study addresses related research questions and extends the existing model to take into account direct business benefits in optimizing security investments, filling a significant research gap. As such, this research makes contribution to both theory development in information security management and management implications in practice.
منابع مشابه
Optimal Strategies of Increasing Business Alignment, in Social Security Organization, with Quality Function Deployment (QFD) Approach
Considering the importance of the concept of strategic alignment of information technology (IT) in today economic organizations, this study attempted to extract the organization's IT strategies in order to increase the degree of strategic alignment and consequently the optimal strategies in the field of marketing and service delivery for social security organization. Using QFD technique and hie...
متن کاملStrategic Cost-Cutting in Information Technology: toward a Framework for Enhancing the Business Value of IT
The increasing dependency of many businesses with information technology (IT)and the high percentage of the IT investment in all invested capital in businessenvironment ask for more attention to this important driver of business. Thelimitation of capital budget forces the managers to look for more wise investment inIT. There are many cost-cutting techniques in the literature and each of them ha...
متن کاملInsurer Optimal Asset Allocation in a Small and Closed Economy: The Case of Iran’s Social Security Organization
We seek to determine the optimal amount of the insurer’s investment in all types of assets for a small and closed economy. The goal is to detect the implications and contributions the risk seeker and risk aversion insurer commonly make and the effectiveness in the investment decision. Also, finding the optimum portfolio for each is the main goal of the present study. To this end, we adopted the...
متن کاملCritical Success Factors in implementing information security governance (Case study: Iranian Central Oil Fields Company)
The oil industry, as one of the main industries of the country, has always faced cyber attacks and security threats. Therefore, the integration of information security in corporate governance is essential and a governance challenge. The integration of information security and corporate governance is called information security governance. In this research, we identified "critical success factor...
متن کامل'Context, Content, Process' Approach to Align Information Security Investments with Overall Organizational Strategy
Today business environment is highly dependent on complex technologies, and information is considered an important asset. Organizations are therefore required to protect their information infrastructure and follow an inclusive risk management approach. One way to achieve this is by aligning the information security investment decisions with respect to organizational strategy. A large number of ...
متن کامل