A risk and cost-benefit assessment of information security measures in lubricating oils company

Conference proceedings article


Authors/Editors


Strategic Research Themes

No matching items found.


Publication Details

Author listDejdumrong N., Anannavee N., Uttranadhi T.

PublisherHindawi

Publication year2010

Start page7

End page12

Number of pages6

ISBN9780889868618

ISSN0146-9428

eISSN1745-4557

URLhttps://www.scopus.com/inward/record.uri?eid=2-s2.0-79955976801&doi=10.2316%2fP.2010.704-053&partnerID=40&md5=81c1fd41f86c5313ba61b3a1135a6ff8

LanguagesEnglish-Great Britain (EN-GB)


View on publisher site


Abstract

In the current situation of world economic and political uncertainty, risk assessment and management of a company is inevitably required as an obligation not just an option. Information security assessment is an important component of an effective risk management process. This paper proposes a technique how business should determine its information assets and justify the investments in information system protection by using the well-known technique called the cost-benefit analysis (CBA). In order to examine the technique, one of the lubricating oils companies is selected as a case study. Its system is then assessed and the information assets are determined. The security weaknesses or vulnerability of the systems have been defined. Finally, some potential solutions were recommended to be implemented. An incident response management including its associated plans is also introduced as an application of information security assessment. The result from this research indicated that the CBA technique can be used as an effective tool to optimize the IT security investment and prioritize the implementation.


Keywords

cost-benefit analysisIncident response planInformation assetInformation security


Last updated on 2023-04-10 at 07:35