Information security and economics - a survey project (original title: Informationssäkerhet och ekonomi - ett skannande projekt)

Authors:

  • Jonas Hermelin
  • Henrik Karlzén
  • Peter Nilsson

Publish date: 2014-09-26

Report number: FOI-R--3927--SE

Pages: 57

Written in: Swedish

Keywords:

  • Information security
  • economics
  • security investment
  • optimization
  • operations
  • management
  • risk management

Abstract

Balancing the risk and cost of potential security breaches against the benefit and total cost of a security investment is a considerable undertaking. Vulnerabilities in an organization's information security can induce major expenses, both monetary and non-monetary. Tight security requirements, on the other hand, might be a significant cost driver, both directly as an investment cost and indirectly if they hinder more flexible and efficient work processes. One approach to this challenge is to make use of methods from economics. The aim of this survey is to give an overview of current research topics bridging the domains of information security and economics. The crossover between information security and economics is an active research domain that covers several research topics. The research covers investment optimization, investment strategies, the problems of collecting reliable data, and how to handle low-probability events. A common shortcoming shared by many of the optimization methods described here is the presumption of precise data regarding threat frequencies, consequence costs and effectiveness of investments, data that is very scarce and perhaps impossible to fully obtain. These proposed methods are mainly theoretical constructs with uncertain practical use. This is underlined by the fact that no evaluations of the methods have been found. Given the theoretical methods proposed in the literature, it would be worthwhile to investigate how organizations actually plan their information security investments today. How do organizations approach this issue, which methods are in use and how are they used? What are the differences between actual practice and the literature?
