A risk and cost-benefit assessment of information security measures in lubricating oils company
Conference proceedings article
Authors/Editors
Strategic Research Themes
No matching items found.
Publication Details
Author list: Dejdumrong N., Anannavee N., Uttranadhi T.
Publisher: Hindawi
Publication year: 2010
Start page: 7
End page: 12
Number of pages: 6
ISBN: 9780889868618
ISSN: 0146-9428
eISSN: 1745-4557
Languages: English-Great Britain (EN-GB)
Abstract
In the current situation of world economic and political uncertainty, risk assessment and management of a company is inevitably required as an obligation not just an option. Information security assessment is an important component of an effective risk management process. This paper proposes a technique how business should determine its information assets and justify the investments in information system protection by using the well-known technique called the cost-benefit analysis (CBA). In order to examine the technique, one of the lubricating oils companies is selected as a case study. Its system is then assessed and the information assets are determined. The security weaknesses or vulnerability of the systems have been defined. Finally, some potential solutions were recommended to be implemented. An incident response management including its associated plans is also introduced as an application of information security assessment. The result from this research indicated that the CBA technique can be used as an effective tool to optimize the IT security investment and prioritize the implementation.
Keywords
cost-benefit analysis, Incident response plan, Information asset, Information security