Analyzing security costs
Source
Communications of the ACM
Volume 46, Issue 6 (June 2003)
E-services: a cornucopia of digital offerings ushers in the next Net-based evolution
COLUMN: Security watch
Pages: 15-18
Year of Publication: 2003
ISSN: 0001-0782
Author
Rebecca T. Mercuri, Notable Software, Inc., Princeton, NJ
Publisher
ACM, New York, NY, USA
DOI: http://doi.acm.org/10.1145/777313.777327

ABSTRACT

Quantification tools, if applied prudently, can assist in the anticipation, budgeting, and control of direct and indirect computer security costs.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1. Adams, J. Cars, Cholera, and Cows: The Management of Risk and Uncertainty. Cato Institute, March 1999.
2. Anderson, R. Why Information Security is Hard - An Economic Perspective. Sept. 2001; www.cl.cam.ac.uk/~rja14/econsec.html
3.
4. Brookings Institution. Interdependent Security: Implications for Homeland Security Policy and Other Areas. Policy Brief #108, Oct. 2002.
5. Clarke, R. Computer matching by government agencies: The failure of cost/benefit analysis as a control mechanism. Information Infrastructure and Policy 4, 1 (Mar. 1995); www.anu.edu.au/people/Roger.Clarke/DV/MatchCBA.html
6. Federal Information Processing Standards. Guideline for the Analysis of Local Area Network Security. National Institute of Standards and Technology, FIPS PUB 191, Nov. 1994; www.itl.nist.gov/fipspubs/fip191.htm
7. Gordon, L.A. and Loeb, M.P. Return on information security investments: Myths vs. realities. Strategic Finance Magazine (Nov. 2002); www.strategicfinancemag.com/2002/11i.htm
8. Office of the Deputy Chief Information Officer. Cost-Benefit Analysis Guide for NIH IT Projects. Center for Information Technology, National Institutes of Health, May 1999; wwwoirm.nih.gov/itmra/cbaguide.html
9. Silverman, R.D. A cost-based security analysis of symmetric and asymmetric key lengths. RSA Laboratories Bulletin 13 (Apr. 2000).
10. Wei, F. et al. Cost-benefit analysis for network intrusion detection systems. In Proceedings of the CSI 28th Annual Computer Security Conference (Oct. 2001).