Abstract

In the contemporary, knowledge-based economy, enterprises are forced to bear the costs related to cybersecurity. While breaches negatively affect companies' budgets, accurate decisions on security investments result in visible savings. At the same time, cybersecurity cost assessment methods that support these decisions are lacking. Caspea addresses this gap by enabling the estimation of costs related to the personnel activities involved in cybersecurity management. In this paper, new advancements in the research related to the construction of an ISO/IEC 27001-based costing model are described. These include revising the cost centres based on the ISO27k RASCI matrix, minimising the input and output data, and implementing a new calculation spreadsheet that contains substantial changes compared to its previous editions. A comparative analysis with the earlier version of Caspea has been performed, and the application of the new model to a woodworking company is illustrated. The results show the gradual extension and the broader scope of the Caspea framework.

Recommended Citation

Leszczyna, R. (2024). ISO/IEC 27001-Based Estimation of Cybersecurity Costs with Caspea. In B. Marcinkowski, A. Przybylek, A. Jarzębowicz, N. Iivari, E. Insfran, M. Lang, H. Linger, & C. Schneider (Eds.), Harnessing Opportunities: Reshaping ISD in the post-COVID-19 and Generative AI Era (ISD2024 Proceedings). Gdańsk, Poland: University of Gdańsk. ISBN: 978-83-972632-0-8. https://doi.org/10.62036/ISD.2024.71

Paper Type

Full Paper

DOI

10.62036/ISD.2024.71

ISO/IEC 27001-Based Estimation of Cybersecurity Costs with Caspea