Measuring the risk-based value of IT security solutions
Journal Article (Review;Journal)
A risk management approach that integrates risk profile with actual damages and implementation costs to determine the costs and benefits of information security solutions is discussed. Two crucial concepts of the approach, incident types and bypass rates, which are used to judge the efficiency and return on investment of an organization's security solutions, are described. The data required for risk analysis include observed damage, which is the damage that the company sustains in a given time period for each incident type, and cost for a given security solution. The method to calculate risk-based return on investment (RROI) is also described.
Cited Authors
- Arora, A; Hall, D; Pinto, CA; Ramsey, D; Telang, R
Published Date
- November 1, 2004
Published In
Volume / Issue
- 6 / 6
Start / End Page
- 35 - 42
International Standard Serial Number (ISSN)
- 1520-9202
Digital Object Identifier (DOI)
- 10.1109/MITP.2004.89
Citation Source
- Scopus