Cost Benefit Toolbox for Information Security

Abstract:

Secure and efficient business processes – both in the public and private sectors – represent a fundamental concern for all enterprises. They are indispensable for a focused (and reproducible) achievement of added value. The emerging field of information security is thus, as with many other facets within an enterprise, required not only to prove itself in business and technological terms, but also in economic terms. The added value that is to be achieved by investments in information security is consequently expected to become an increasingly important subject of scrutiny. This underscores the need of various experts within an enterprise (or a public sector organisation) to have access to a compact and practical means of illustrating the importance of investments in information security to the enterprise’s management. For that purpose a Cost Benefit Toolbox will be presented. This toolbox represents exactly the sort of instrument in that it effectively allows one to focus on the core element of information security, namely, the task of comparing risks and security investments.