Title :
Justifying information security investments in web software: (Quantitative techno-business modeling approach)
Author :
Zoric, Josip ; Helme, Arne ; Kvalheim, Håvard ; Sundve, Espen
Author_Institution :
Telenor GBD&R, Norwegian Univ. of Sci. & Technol., Trondheim, Norway
Abstract :
Security of services and platforms is a vital and complex aspect, which requires significant investments. We use a techno-business modeling (TBM) approach for analysis of service platform security, aiming at justifying the information security investments during the life-cycle of a web software platform. The techno-business environment influences the above-mentioned models and scenarios. It is analyzed by means of drivers and driver-based scenarios. The TBM had to be extended for security analyses. We have added a set of security drivers and scenarios in order to model the effect of misuse cases (triggered by security breaches). After simulation of security breaches and misuse cases, their influence on the rest of the environmental drivers (and the TBM models and scenarios) is calculated. Quantitative analysis (value and cash flow based valuation) captured both the short-term and the long-term effects of the misuse cases. We demonstrate our modeling approach on a proof-of-concept case: a web software solution for service delivery to social network sites.
Keywords :
Internet; security of data; social networking (online); Web software; information security investments; quantitative techno-business modeling; service platform security; social network sites; Security; Web software; service platform; techno-business modeling;
Conference_Title :
Future Network and Mobile Summit, 2010
Conference_Location :
Florence
Print_ISBN :
978-1-905824-16-8