Abstract
IT or cyber security risks are a fundamental concern for countless organizations in today's digitalized world. Many concepts exist to tackle security threats along business processes, at the technology level, or with regard to the human factor. However, security investments often lack proof of being beneficial and worth their money. Information systems researchers have provided various IT security investment models that aim to improve the general understanding of the dynamics behind IT security risk mitigation, but these models often lack a clear economic justification in countable numbers. This study identified a lack of multi-perspective approaches to information security investment models and uses this gap as its research entry point. Using a design science research approach, this work created a multi-perspective IT security investment framework that includes a further elaborated ROSI calculation. The proposed approach integrates a conceptual part and an economic part in order to, first, gain a comprehensive understanding of IT security investment dynamics and, second, calculate the optimal IT security investment sum for security measures. Evaluation findings suggest that the general quality, efficacy, utility and validity of the framework are given, and that the framework is perceived as useful with respect to IT security investment efforts and decision-making.
Recommended Citation
Dachs-Wiesinger, Michael and Trierweiler, Michaela K., "Rethinking IT-Security Investment Decision Making: A Multi-Perspective ITSec-Investment Framework" (2026). CONF-IRM 2026 Proceedings. 6.
https://aisel.aisnet.org/confirm2026/6