research-article

Free access

Quantifying the benefits of investing in information security

Authors:

Lara Khansa,

Divakaran LiginlalAuthors Info & Claims

Communications of the ACM, Volume 52, Issue 11

Pages 113 - 117

https://doi.org/10.1145/1592761.1592789

Published: 01 November 2009 Publication History

All formats PDF

References

[1]

Bárdossy, A. and Duckstein, L. Fuzzy rule-based modeling with applications to geophysical, biological and engineering systems. CRC Press Inc., Boca Raton, FL, 1995.

Digital Library

Google Scholar

[2]

Campbell, K., Gordon, L.A., Loeb, M.P., and Zhou, L. The economic severity of publicly announced information security breaches: Empirical evidence from the stock market. Journal of Computer Security 11, 3 (2003), 431--448.

Digital Library

Google Scholar

[3]

Cavusoglu, H., Mishra, B., and Raghunathan, S. The effect of Internet security breach announcements on market value: Capital market reactions for breached firms and Internet security developers. International Journal of Electronic Commerce 9, 1 (2004), 69--104.

Digital Library

Google Scholar

[4]

Ettredge, M. and Richardson, V. J. Assessing the risk in e-commerce. Proceedings of the 35^th Hawaii International Conference on System Sciences (Hawaii, 2002), 2673--2682.

Digital Library

Google Scholar

[5]

Fraser, P. and Groenewold, N. US share prices and real supply and demand shocks. The Quarterly Review of Economics and Finance 46, 1 (2006), 149--167.

Crossref

Google Scholar

[6]

Lee, V.C.S. A fuzzy multi-criteria decision model for information system security investment. Lecture Notes in Computer Science, 2690 (2003), 436--441.

Crossref

Google Scholar

[7]

Jeon, B.N. and Jang, B.S. The linkage between the US and Korean stock markets: The case of NASDAQ, KOSDAQ, and the semiconductor stocks. Research in International Business and Finance 18, 3 (2004), 319--340.

Crossref

Google Scholar

[8]

Khansa, L. and Liginlal, D. Valuing the flexibility of investing in security process innovations. The European Journal of Operational Research, 192 (2009), 216--235.

Crossref

Google Scholar

[9]

Liginlal, D., Sim, I., and Khansa, L. Human error and its impact on information privacy. Computers and Security, 28 (2009), 215--228

Digital Library

Google Scholar

[10]

Pankratz, A. Forecasting with dynamic regression models. Wiley (New York, 1991).

Crossref

Google Scholar

[11]

Park, I., Sharman, R., Rao, H.R. and Upadhyaya, S. Short term and total life impact analysis of email worms in computer systems. Decision Support Systems 43, 3 (2007), 827--841.

Digital Library

Google Scholar

[12]

Wang, J., Chaudhury, A., and Rao, H.R. An extreme value approach to information technology security investment. The International Conference on Information Systems (Las Vegas, NV, 2005).

Google Scholar

Cited By

View all

Mohamed MChakraborty JDehlinger J(2017)Trading off usability and security in user interface design through mental modelsBehaviour & Information Technology10.1080/0144929X.2016.126289736:5(493-516)Online publication date: 1-May-2017
https://dl.acm.org/doi/10.1080/0144929X.2016.1262897
Cram WBrohman MGallupe R(2016)Hitting a moving targetInformation Systems Journal10.1111/isj.1205926:3(195-226)Online publication date: 1-May-2016
https://dl.acm.org/doi/10.1111/isj.12059
Alec Cram WKathryn Brohman MChan YBrent Gallupe R(2016)Information systems control alignmentInformation and Management10.1016/j.im.2015.09.01253:2(183-196)Online publication date: 1-Mar-2016
https://dl.acm.org/doi/10.1016/j.im.2015.09.012
Show More Cited By

Index Terms

Quantifying the benefits of investing in information security

Recommendations

Quantifying Rowhammer Vulnerability for DRAM Security
2021 58th ACM/IEEE Design Automation Conference (DAC)
Rowhammer is a memory-based attack that leverages capacitive-coupling to induce faults in modern dynamic random-access memory (DRAM). Over the last decade, a significant number of Rowhammer attacks have been presented to reveal that it is a severe ...
Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP
CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

Just-in-time return-oriented programming (JIT-ROP) allows one to dynamically discover instruction pages and launch code reuse attacks, effectively bypassing most fine-grained address space layout randomization (ASLR) protection. However, in-depth ...
Information Security: Facilitating User Precautions Vis-à-Vis Enforcement Against Attackers

We compare alternative information security policies-facilitating enduser precautions and enforcement against attackers. The context is mass and targeted attacks, taking account of strategic interactions between end users and attackers. For both mass ...

Comments

Information & Contributors

Information

Published In

Communications of the ACM Volume 52, Issue 11

Scratch Programming for All

November 2009

135 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/1592761

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 November 2009

Published in CACM Volume 52, Issue 11

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Popular
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
1,864
Total Downloads

Downloads (Last 12 months)303
Downloads (Last 6 weeks)51

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Mohamed MChakraborty JDehlinger J(2017)Trading off usability and security in user interface design through mental modelsBehaviour & Information Technology10.1080/0144929X.2016.126289736:5(493-516)Online publication date: 1-May-2017
https://dl.acm.org/doi/10.1080/0144929X.2016.1262897
Cram WBrohman MGallupe R(2016)Hitting a moving targetInformation Systems Journal10.1111/isj.1205926:3(195-226)Online publication date: 1-May-2016
https://dl.acm.org/doi/10.1111/isj.12059
Alec Cram WKathryn Brohman MChan YBrent Gallupe R(2016)Information systems control alignmentInformation and Management10.1016/j.im.2015.09.01253:2(183-196)Online publication date: 1-Mar-2016
https://dl.acm.org/doi/10.1016/j.im.2015.09.012
Soomro ZShah MAhmed J(2016)Information security management needs more holistic approachInternational Journal of Information Management: The Journal for Information Professionals10.1016/j.ijinfomgt.2015.11.00936:2(215-225)Online publication date: 1-Apr-2016
https://dl.acm.org/doi/10.1016/j.ijinfomgt.2015.11.009
Yaokumah W(2015)Evaluating the Effectiveness of Information Security Governance Practices in Developing NationsStandards and Standardization10.4018/978-1-4666-8111-8.ch062(1317-1333)Online publication date: 2015
https://doi.org/10.4018/978-1-4666-8111-8.ch062
Mejias RBalthazard P(2015)A Model of Information Security Awareness for Assessing Information Security Risk for Emerging TechnologiesJournal of Information Privacy and Security10.1080/15536548.2014.97440710:4(160-185)Online publication date: 7-Jan-2015
https://doi.org/10.1080/15536548.2014.974407
Yasasin ERauchecker GPrester JSchryen G(2014)A Fuzzy Security Investment Decision Support Model for Highly Distributed SystemsProceedings of the 2014 International Semiconductor Laser Conference10.1109/DEXA.2014.65(291-295)Online publication date: 7-Sep-2014
https://dl.acm.org/doi/10.1109/DEXA.2014.65
Yaokumah W(2013)Evaluating the Effectiveness of Information Security Governance Practices in Developing NationsInternational Journal of IT/Business Alignment and Governance10.4018/jitbag.20130101034:1(27-43)Online publication date: 1-Jan-2013
https://dl.acm.org/doi/10.4018/jitbag.2013010103
Liginlal DKhansa L(2012)Regulatory Influence and the Imperative of Innovation in Identity and Access ManagementInformation Resources Management Journal10.4018/irmj.201207010425:3(78-97)Online publication date: 1-Jul-2012
https://dl.acm.org/doi/10.4018/irmj.2012070104
Zobel CKhansa L(2012)Quantifying Cyberinfrastructure Resilience against Multi‐Event AttacksDecision Sciences10.1111/j.1540-5915.2012.00364.x43:4(687-710)Online publication date: 4-Jul-2012
https://doi.org/10.1111/j.1540-5915.2012.00364.x
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Magazine Site

View this article on the magazine site (external)

Magazine Site

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

References

Cited By

Index Terms

Recommendations

Quantifying Rowhammer Vulnerability for DRAM Security

Methodologies for Quantifying (Re-)randomization Security and Timing under JIT-ROP

Information Security: Facilitating User Precautions Vis-à-Vis Enforcement Against Attackers

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Magazine Site

Login options

Full Access

Share

Share this Publication link

Share on social media

Affiliations