, C. Hartl:
"On the Singularity of Valuating IT Security Investments";
Talk: 9th IEEE/ACIS International Conference on Computer and Information Science, Kaminoyama (Yamagata), Japan; 18.08.2010 - 20.08.2010; in: "Proceedings of the 2010 IEEE/ACIS 9th International Conference on Computer and Information Science", IEEE Computer Society Washington, (2010), ISBN: 978-0-7695-4147-1; pp. 549 - 556.
Companies spend considerable amounts of resources on minimizing security breaches but often neglect to implement efficient measures and are not aware of whether their investments are effective. The literature provides many approaches that aim to define the value of IT security investments, but these often cannot fulfill the expectations of decision makers in practice, e.g. due to a lack of support for considering multiple objectives, business issues or a variety of investment alternatives. This paper identifies criteria for proper IT security evaluation methods from the literature and evaluates some selected methods in order to show their applicability in practice. A focus of this evaluation lies on the comparison to methods for IT investment evaluation, in order to answer the question of what the difference between evaluating IT investments and IT security investments is.