Abstract

The growing number of security threats and the substantial economic losses they cause have increased the importance of information security for companies worldwide. When a company invests in information security, it is therefore crucial to ensure adequate protection while remaining economically efficient. Assessment tools can support the selection of economically efficient information security investments. However, most assessment tools focus on monetary criteria and ignore the large number of relevant non-monetary criteria. Hence, there is a need for guidance on developing multiple-criteria assessment tools. As existing frameworks do not address this need, this study presents design requirements and design principles for the development of multiple-criteria assessment tools for information security investments. The proposed design theory provides fundamental design knowledge and offers guidance for building comprehensive assessment tools.
