Loading...

Media is loading
 

Paper Type

ERF

Abstract

In navigating the intricate landscape of cybersecurity investments, organizations encounter the challenge of efficiently allocating resources across diverse mitigation strategies. Our study tackles this obstacle by identifying the optimal investment levels in various cybersecurity measures to minimize an organization's cyber-attack risk. We comprehend individuals' motivation towards cybersecurity behavior using the Protection Motivation Theory (PMT). Our research framework involves conducting a comprehensive risk assessment of an organization, considering vulnerabilities and organizational traits like size, industry, and digital footprint, which influence susceptibility to cyber threats. Subsequently, we evaluate the potential impact of these risks and assess cybersecurity measures for mitigation. Next, we examine the role of cybersecurity frameworks like COBIT19, ITIL, and NIST Cybersecurity in risk mitigation. By striking a balance between investment costs and risk reduction benefits, our goal is to furnish data-driven insights for informed cybersecurity investment decisions by any organization.

Paper Number

1888

Author Connect URL

https://authorconnect.aisnet.org/conferences/AMCIS2024/papers/1888

Comments

SIGSEC

Author Connect Link

Share

COinS
 
Aug 16th, 12:00 AM

A Risk-Based Approach for Prioritizing Cybersecurity Investments

In navigating the intricate landscape of cybersecurity investments, organizations encounter the challenge of efficiently allocating resources across diverse mitigation strategies. Our study tackles this obstacle by identifying the optimal investment levels in various cybersecurity measures to minimize an organization's cyber-attack risk. We comprehend individuals' motivation towards cybersecurity behavior using the Protection Motivation Theory (PMT). Our research framework involves conducting a comprehensive risk assessment of an organization, considering vulnerabilities and organizational traits like size, industry, and digital footprint, which influence susceptibility to cyber threats. Subsequently, we evaluate the potential impact of these risks and assess cybersecurity measures for mitigation. Next, we examine the role of cybersecurity frameworks like COBIT19, ITIL, and NIST Cybersecurity in risk mitigation. By striking a balance between investment costs and risk reduction benefits, our goal is to furnish data-driven insights for informed cybersecurity investment decisions by any organization.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.