Measuring the risk-based value of IT security solutions

Publication, Journal Article
Arora, A; Hall, D; Pinto, CA; Ramsey, D; Telang, R
Published in: IT Professional
November 1, 2004

A risk management approach that integrates risk profile with actual damages and implementation costs to determine the costs and benefits of information security solutions is discussed. Two crucial concepts of the approach, incident types and bypass rates, which are used to judge the efficiency and return on investment of an organization's security solutions, are described. The data required for risk analysis include observed damage, which is the damage that the company sustains in a given time period for each incident type, and cost for a given security solution. The method to calculate risk-based return on investment (RROI) is also described.

Published In

IT Professional

DOI

ISSN

1520-9202

Publication Date

November 1, 2004

Volume

6

Issue

6

Start / End Page

35 / 42

Related Subject Headings

  • Information Systems
  • 4609 Information systems
  • 0806 Information Systems
 

Citation

APA: Arora, A., Hall, D., Pinto, C. A., Ramsey, D., & Telang, R. (2004). Measuring the risk-based value of IT security solutions. IT Professional, 6(6), 35–42. https://doi.org/10.1109/MITP.2004.89

Chicago: Arora, A., D. Hall, C. A. Pinto, D. Ramsey, and R. Telang. “Measuring the risk-based value of IT security solutions.” IT Professional 6, no. 6 (November 1, 2004): 35–42. https://doi.org/10.1109/MITP.2004.89.

ICMJE: Arora A, Hall D, Pinto CA, Ramsey D, Telang R. Measuring the risk-based value of IT security solutions. IT Professional. 2004 Nov 1;6(6):35–42.

MLA: Arora, A., et al. “Measuring the risk-based value of IT security solutions.” IT Professional, vol. 6, no. 6, Nov. 2004, pp. 35–42. Scopus, doi:10.1109/MITP.2004.89.

NLM: Arora A, Hall D, Pinto CA, Ramsey D, Telang R. Measuring the risk-based value of IT security solutions. IT Professional. 2004 Nov 1;6(6):35–42.
