article

Free access

A model for evaluating IT security investments

Authors:

Huseyin Cavusoglu,

Birendra Mishra,

Srinivasan RaghunathanAuthors Info & Claims

Communications of the ACM, Volume 47, Issue 7

Pages 87 - 92

https://doi.org/10.1145/1005817.1005828

Published: 01 July 2004 Publication History

All formats PDF

References

[1]

Berinato, S. Finally, a real return on security spending. CIO Magazine (Feb. 15, 2002).

Google Scholar

[2]

Brynjofsson, E. The information technology and productivity paradox. Commun. ACM 36, 12 (Dec. 1993), 66--77.

Digital Library

Google Scholar

[3]

Cavusoglu, H., Mishra, B., and Raghunathan, S. The effect of Internet security breach announcements on shareholder wealth: Capital market reactions for breached firms and Internet security developers. International J. of Electronic Commerce. Forthcoming.

Google Scholar

[4]

Collofello, J. Software Development Risk Management, 2000; www.eas.asu.edu/~riskmgmt/

Google Scholar

[5]

Denning, D. Reflections on cyberweapons controls. Computer Security J. 16, 4 (2000), 43--53.

Google Scholar

[6]

Gordon, L. and Loeb, M. The economics of information security investment. ACM Trans. IS Security 5, 4 (Nov. 2002), 438--457.

Digital Library

Google Scholar

[7]

Hoo, K.J.S. How much is enough? A risk management approach to computer security. Ph.D. Dissertation, Stanford University, 2000.

Google Scholar

[8]

Lee, W., Fan, W., Miller, M., Stolfo, S., and Zadok, E. Toward cost-sensitive modeling for intrusion detection and response. J. Computer Security (2001).

Digital Library

Google Scholar

[9]

Longstaff, T., Chittister, C., Pethia, R. and Haimes, Y. Are we forgetting the risk of information technology. IEEE Computer (Dec. 2000).

Digital Library

Google Scholar

[10]

Moitra, S. and Konda, S. The survivability of network systems: An empirical analysis. Carnegie Mellon Software Engineering Institute. Technical Report, CMU/SEI-2000-TR-021.

Google Scholar

[11]

Rasmusen, E. Games and Information. Blackwell Publishers, 1998.

Google Scholar

[12]

Secure Business Quarterly. Issue on Return on Security Investment (Q4, 2001).

Google Scholar

Cited By

View all

He RJin ZLi J(2024)Modeling and management of cyber risk: a cross-disciplinary reviewAnnals of Actuarial Science10.1017/S1748499523000258(1-40)Online publication date: 4-Jan-2024
https://doi.org/10.1017/S1748499523000258
Handoyo S(2024)Purchasing in the digital age: A meta-analytical perspective on trust, risk, security, and e-WOM in e-commerceHeliyon10.1016/j.heliyon.2024.e29714(e29714)Online publication date: Apr-2024
https://doi.org/10.1016/j.heliyon.2024.e29714
Yermalovich P(2023)Determining the Probability of CyberattacksEuropean Journal of Formal Sciences and Engineering10.26417/ejef.v4i1.p46-634:1(57-81)Online publication date: 6-Mar-2023
https://doi.org/10.26417/ejef.v4i1.p46-63
Show More Cited By

Index Terms

A model for evaluating IT security investments

Recommendations

Evaluating information security investments using the analytic hierarchy process
Medical image modeling

In today's information-based economy, organizations must avoid costly information security breaches. Unfortunately, organizations cannot make all of their information 100% secure all of the time. There are economic, as well as technical, impediments ...
Information security breaches and IT security investments: Impacts on competitors
Abstract
In current business climate, a firm’s information systems security is no longer independent from the industry’s broader security environment. A question arises, then, whether stock market values reflect the interdependence of security ...
Evaluating the impact of IT investments on productivity: a causal analysis at industry level

While many studies have shown positive and significant relationships between IT investments and firm productivity or performance, the question of causality remains: do higher IT investments contribute to better performance or does better performance ...

Comments

Information & Contributors

Information

Published In

Communications of the ACM Volume 47, Issue 7

Has the Internet become indispensable?

July 2004

82 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/1005817

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 July 2004

Published in CACM Volume 47, Issue 7

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

212
Total Citations
View Citations
7,963
Total Downloads

Downloads (Last 12 months)362
Downloads (Last 6 weeks)30

Reflects downloads up to 10 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

He RJin ZLi J(2024)Modeling and management of cyber risk: a cross-disciplinary reviewAnnals of Actuarial Science10.1017/S1748499523000258(1-40)Online publication date: 4-Jan-2024
https://doi.org/10.1017/S1748499523000258
Handoyo S(2024)Purchasing in the digital age: A meta-analytical perspective on trust, risk, security, and e-WOM in e-commerceHeliyon10.1016/j.heliyon.2024.e29714(e29714)Online publication date: Apr-2024
https://doi.org/10.1016/j.heliyon.2024.e29714
Yermalovich P(2023)Determining the Probability of CyberattacksEuropean Journal of Formal Sciences and Engineering10.26417/ejef.v4i1.p46-634:1(57-81)Online publication date: 6-Mar-2023
https://doi.org/10.26417/ejef.v4i1.p46-63
He CHuangFu JKohlbeck MWang L(2023)The Impact of Customer-Reported Cybersecurity Breaches on Key Supplier Innovations and Relationship DisruptionJournal of Information Systems10.2308/ISYS-2020-006(1-29)Online publication date: 30-May-2023
https://doi.org/10.2308/ISYS-2020-006
Shreeve BGralha CRashid AAraújo JGoulão M(2023)Making Sense of the Unknown: How Managers Make Cyber Security DecisionsACM Transactions on Software Engineering and Methodology10.1145/354868232:4(1-33)Online publication date: 27-May-2023
https://dl.acm.org/doi/10.1145/3548682
Pate-Cornell MKuypers M(2023)A Probabilistic Analysis of Cyber RisksIEEE Transactions on Engineering Management10.1109/TEM.2020.302852670:1(3-13)Online publication date: Jan-2023
https://doi.org/10.1109/TEM.2020.3028526
Yin YHsu CZhou Z(2023)Employees' in-role and extra-role information security behaviors from the P-E fit perspectiveComputers & Security10.1016/j.cose.2023.103390133(103390)Online publication date: Oct-2023
https://doi.org/10.1016/j.cose.2023.103390
Suomi RSomerkoski B(2023)Security Issues at the Time of the Pandemic and Distance WorkVirtual Management and the New Normal10.1007/978-3-031-06813-3_15(291-311)Online publication date: 1-Feb-2023
https://doi.org/10.1007/978-3-031-06813-3_15
Colvett CPetty MBland J(2023)Impact of computer users on cyber defense strategiesSystems Engineering10.1002/sys.2173727:3(532-555)Online publication date: 28-Nov-2023
https://doi.org/10.1002/sys.21737
Fleischman GValentine SCurtis MMohapatra P(2022)The Influence of Ethical Beliefs and Attitudes, Norms, and Prior Outcomes on Cybersecurity Investment DecisionsBusiness & Society10.1177/0007650322111015662:3(488-529)Online publication date: 23-Aug-2022
https://doi.org/10.1177/00076503221110156
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Magazine Site

View this article on the magazine site (external)

Magazine Site

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

References

Cited By

Index Terms

Recommendations

Evaluating information security investments using the analytic hierarchy process

Information security breaches and IT security investments: Impacts on competitors

Evaluating the impact of IT investments on productivity: a causal analysis at industry level

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Magazine Site

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations