Home  Journals  Financial Analytics: Science and Experience  10(292) - 2016 March

Evaluating the efficiency of optimal investment in the corporate information security management system

Vol. 9, Iss. 10, MARCH 2016

Article PDF Version

Received: 28 December 2015

Accepted: 3 February 2016

Available online: 16 March 2016

Subject Heading: MATHEMATICAL ANALYSIS AND MODELING IN ECONOMICS

JEL Classification: C21, C61, G24, G32

Pages: 15-21

Importance To improve the information security management system, there should be a preliminary evaluation and substantiation of possible target indicators and/or activities needed to ensure the required security of information assets, rationale for raising funds to implement the activities, and respective financial needs.
     Objectives The research substantiates and determines the optimal amount of investment in the corporate information security management system; proposes investment efficiency indicators as criteria to evaluate the efficiency of activities for ensuring the required security of information resources.
     Methods Using methods of differential calculus and probability theory, we analyzed the risks associated with corporate information security and its ineffective management. The article determines criteria to evaluate the efficiency of investment in the information security management system, which reduce the information risk.
     Results The article sets out the methods for assessing the optimal amount of investment in the corporate information security management system and criteria to evaluate the efficiency of optimal investment.
     Conclusions and Relevance The research reviews the method to find and substantiate possible target indicators and/or activities for improving the corporate information security management system, and rationale for raising funds to implement the activities and respective finance.

Keywords: investing activity, project finance, efficiency criteria, information security, mathematical models

References:

1. Rad'ko N.M., Skobelev I.O. Risk-modeli informatsionno-telekommunikatsionnykh sistem pri realizatsii ugroz udalennogo i neposredstvennogo dostupa [Risk models of information and telecommunications systems in terms of remote and immediate access threats]. Moscow, Radio Soft Publ., 2010, 232 p.
2. Serdyuk V.A. Organizatsiya i tekhnologiya zashchity informatsii: obnaruzhenie i predotvrashchenie informatsionnykh atak v avtomatizirovannykh sistemakh predpriyatii [Data protection organization and technology: detection and prevention of information attacks in corporate automated systems]. Moscow, National Research University – Higher School of Economics Publ., 2011, 572 p.
3. Dednev M.A., Dyl'nov D.V., Ivanov M.A. Zashchita informatsii v bankovskom dele i elektronnom biznese [Information security in banking and e-commerce]. Moscow, KUDITs-Obraz Publ., 2004, 512 p.
4. Goldovskii I. Bezopasnost' elektronnykh platezhei v Internete [Security of electronic payments via the Internet]. St. Petersburg, Piter Publ., 2001, 240 p.
5. Finne T. A Conceptual Framework for Information Security Management. Computers & Security, 1998, vol. 17, iss. 4, pp. 303–307.
6. Tanaka H., Matsuhara K. Vulnerability and Effects of Information Security Investment: A Firm Level of Empirical Analysis of Japan. An International Forum of Financial Information Systems and Cybersecurity: A Public Policy Perspective. College Park, 2005, pp. 589–599.
7. Gordon L.A., Loeb M.P. The Economics of Information Security Investment. ACM Transactions on Information and System Security, 2002, vol. 5, no. 4, pp. 438–457.
8. Задiрака В.К., Олесюк О.С., Смоленюк Р.П., Штаблюк П.I. Фiнансування витрат на захист iнформацiї в економiчнiй дiяльностi. Унiверситетьскi науковi записи, 2006, no. 3-4, pp. 479–490.
9. Левченко Є.Г., Демчишин М.В., Рабчун А.О. Математичнi моделi економiчного менеджменту iнформацiйної безпеки. Системнi дослідження та інформацiйнi технології, 2011, no. 4, pp. 88–96.
10. Левченко Є.Г., Вербовська Г.В. Динамiчне управлiння ресурсами захисту iнформацiї. Захист Iнформацiї, 2011, no. 1, pp. 11–17.
11. Azhmukhamedov I.M., Khanzhina T.B. Otsenka ekonomicheskoi effektivnosti mer po obespecheniyu informatsionnoi bezopasnosti [Analyzing the cost-effectiveness of information security measures]. Vestnik Astrakhanskogo GTU. Ser. Ekonomika = Vestnik of Astrakhan State Technical University. Series: Economics, 2011, no. 1, pp. 185–190.
12. Sobakin I.B. Analiz podkhodov k opredeleniyu optimal'nogo ob"ema investitsii v informatsionnuyu bezopasnost' [Analyzing approaches to determining optimal investment in information security]. Trudy ISA RAN = Proceedings of Institute for Systems Analysis of Russian Academy of Sciences, 2012, vol. 62, no. 3, pp. 63–68.
13. Skripkin K.G. Ekonomicheskaya effektivnost' informatsionnykh system [Economic efficiency of information systems]. Moscow, DMK Press Publ., 2002, 256 p.
14. Kurilo A.P., Miloslavskaya N.G., Senatorov M.Yu., Tolstoi A.I. Osnovy upravleniya informatsionnoi bezopasnost'yu [Fundamentals of information security management]. Moscow, Goryachaya liniya-Telekom Publ., 2014, 244 p.

View all articles of issue

ISSN 2311-8768 (Online)
ISSN 2073-4484 (Print)

Journal current issue

Vol. 17, Iss. 1 March 2024

Archive