Paper Type

ERF

Abstract

In navigating the intricate landscape of cybersecurity investments, organizations encounter the challenge of efficiently allocating resources across diverse mitigation strategies. Our study tackles this obstacle by identifying the optimal investment levels in various cybersecurity measures to minimize an organization's cyber-attack risk. We use the Protection Motivation Theory (PMT) to understand individuals' motivation towards cybersecurity behavior. Our research framework involves conducting a comprehensive risk assessment of an organization, considering vulnerabilities and organizational traits like size, industry, and digital footprint, which influence susceptibility to cyber threats. Subsequently, we evaluate the potential impact of these risks and assess cybersecurity measures for mitigation. Next, we examine the role of cybersecurity frameworks like COBIT19, ITIL, and NIST Cybersecurity in risk mitigation. By striking a balance between investment costs and risk reduction benefits, our goal is to furnish data-driven insights for informed cybersecurity investment decisions by any organization.

Paper Number

1888

Author Connect URL

https://authorconnect.aisnet.org/conferences/AMCIS2024/papers/1888

Comments

SIGSEC

Aug 16th, 12:00 AM

A Risk-Based Approach for Prioritizing Cybersecurity Investments
