Effective Security Safeguard Selection Process for Return on Security Investment

Author

Kim, Do Hoon ; Lee, Taek ; In, Hoh Peter

Author_Institution

Dept. of Comput. Sci. & Eng., Korea Univ., Seoul

fYear

2008

fDate

9-12 Dec. 2008

Firstpage

668

Lastpage

673

Abstract

Over the past few years, a considerable number of studies have been made on the Return on Security Investment (ROSI) in connection with security policy. However, it is necessary to quantity types of projected damages, cyber threats, security safeguards and ROSI, since the size of information system and its investment factors are growing continuously. Accordingly, in this paper, we propose a way of effective security investment for a higher ROSI, focusing on how to efficiently conduct assessment with use of the Analytic Hierarchy Process (AHP)-based Canonical Correlation Analysis (CCA). The CCA is a means of measuring the linear relationship between relevant cyber threats and corresponding security-safeguarding methods. Finally, we illustrate how such analyses can be used for determination of which security-safeguarding method functions most efficiently, as alternative to the current security investment policy.

Keywords

security of data; analytic hierarchy process; canonical correlation analysis; information system; security investment policy; security safeguard selection process; security-safeguarding method; Computer hacking; Computer science; Computer security; Costs; Data security; Information security; Information systems; Investments; Lead; Particle measurements; Analytic Hierarchy Process; Canonical Correlation Analysis; Return on Security Investment; Security Safeguard;

fLanguage

English

Publisher

ieee

Conference_Titel

Asia-Pacific Services Computing Conference, 2008. APSCC '08. IEEE

Conference_Location

Yilan

Print_ISBN

978-0-7695-3473-2

Electronic_ISBN

978-0-7695-3473-2

Type

conf

DOI

10.1109/APSCC.2008.182

Filename

4780750