Information Asset Valuation Method for Information Technology Security Risk Assessment

The information security strategic plan is necessarily comprehensive, including business processes, people, and physical infrastructure, as well as the information system. The Security risk evaluation needs the calculating asset value to predict the impact and consequence of security incidents. The return on security investment (ROSI) is defining the value for all invested in terms of security by determining the cost of assets that may disturb in security breaches and the cost of its impact. Knowledge is the source of many competitive advantages for businesses and it should protect against theft, misuse and disasters by adequate security controls. All elements that involved in the knowledge creation process are knowledge assets. An IPO model with a combination of Skandia and Balanced scorecard methods needs to develop a measurement system for knowledge asset value assessment. This model recognizes the role of customers and employees as the natures of knowledge and concentrates on a wide range of factors involved in organization such as processes, structures and development elements that has not been tried before. The model in addition includes structure capital variables that emphasized ICT factors those are investing knowledge into the company's competitive advantage.