Controls-based approach for evaluation of information security standards implementation costs
According to the PricewaterhouseCoopers analysis, the average cost of a single information security and data protection breach has increased twice during 2015 (PricewaterhouseCoopers 2015). The number of organizations that reported a serious breach has also risen (from 9% in 2015 to 17% in 2016) (Pric...
Main Authors: | Dmitrij Olifer, Nikolaj Goranin, Arnas Kaceniauskas, Antanas Cenys |
---|---|
Format: | Article |
Language: | English |
Published: | Vilnius Gediminas Technical University, 2017-01-01 |
Series: | Technological and Economic Development of Economy |
Subjects: | |
Online Access: | http://journals.vgtu.lt/index.php/TEDE/article/view/634 |
id |
doaj-9e43adc0a0d54562adc7c38aeea8d680 |
---|---|
record_format |
Article |
spelling |
doaj-9e43adc0a0d54562adc7c38aeea8d680; 2021-07-02T17:11:57Z; eng; Vilnius Gediminas Technical University; Technological and Economic Development of Economy; 2029-4913; 2029-4921; 2017-01-01; 23; 1; 10.3846/20294913.2017.1280558; Controls-based approach for evaluation of information security standards implementation costs; Dmitrij Olifer (0); Nikolaj Goranin (1); Arnas Kaceniauskas (2); Antanas Cenys (3); Department of Graphical Systems, Faculty of Fundamental Sciences, Vilnius Gediminas Technical University, Saulėtekio al. 11, LT-10223, Vilnius, Lithuania; Department of Information Systems, Faculty of Fundamental Sciences, Vilnius Gediminas Technical University, Saulėtekio al. 11, LT-10223, Vilnius, Lithuania; Department of Graphical Systems, Faculty of Fundamental Sciences, Vilnius Gediminas Technical University, Saulėtekio al. 11, LT-10223, Vilnius, Lithuania; Department of Information Systems, Faculty of Fundamental Sciences, Vilnius Gediminas Technical University, Saulėtekio al. 11, LT-10223, Vilnius, Lithuania; According to the PricewaterhouseCoopers analysis, the average cost of a single information security and data protection breach has increased twice during 2015 (PricewaterhouseCoopers 2015). The number of organizations that reported a serious breach has also risen (from 9% in 2015 to 17% in 2016) (PricewaterhouseCoopers 2016). To achieve their goals, criminals use different techniques, ranging from social engineering (phishing, whaling) to malware execution (such as ransomware) on target machines. Recent attacks (the attack on the Central Bank of Bangladesh, the fraud attack on the Mattel CEO and the attack on a Thailand state-run government bank ATM) show that criminals are very well organized and equipped, and spend a lot of money and time preparing their attacks. To protect themselves, organizations are required to follow security-in-depth principles and implement complex security solutions that can ensure the needed level of information security at an appropriate cost.
However, information security cost-benefit assessment is complicated because of the lack of structured cost-benefit methods and issues with comparing IT security solutions in light of prevailing uncertainties. Existing methods are oriented toward processes, environment lifecycles or specific standard implementations. Because of that, existing methods do not cover all needed security areas, and reusing the methods is a complicated task. To solve this issue, we have proposed a new method for evaluating information standards implementation costs, based on information security controls.; http://journals.vgtu.lt/index.php/TEDE/article/view/634; security standards; cost-benefit methods; risk analysis; vulnerability analysis; gap analysis; impact |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Dmitrij Olifer, Nikolaj Goranin, Arnas Kaceniauskas, Antanas Cenys |
title |
Controls-based approach for evaluation of information security standards implementation costs |
publisher |
Vilnius Gediminas Technical University |
series |
Technological and Economic Development of Economy |
issn |
2029-4913 2029-4921 |
publishDate |
2017-01-01 |
description |
According to the PricewaterhouseCoopers analysis, the average cost of a single information security and data protection breach has increased twice during 2015 (PricewaterhouseCoopers 2015). The number of organizations that reported a serious breach has also risen (from 9% in 2015 to 17% in 2016) (PricewaterhouseCoopers 2016). To achieve their goals, criminals use different techniques, ranging from social engineering (phishing, whaling) to malware execution (such as ransomware) on target machines. Recent attacks (the attack on the Central Bank of Bangladesh, the fraud attack on the Mattel CEO and the attack on a Thailand state-run government bank ATM) show that criminals are very well organized and equipped, and spend a lot of money and time preparing their attacks. To protect themselves, organizations are required to follow security-in-depth principles and implement complex security solutions that can ensure the needed level of information security at an appropriate cost.
However, information security cost-benefit assessment is complicated because of the lack of structured cost-benefit methods and issues with comparing IT security solutions in light of prevailing uncertainties. Existing methods are oriented toward processes, environment lifecycles or specific standard implementations. Because of that, existing methods do not cover all needed security areas, and reusing the methods is a complicated task. To solve this issue, we have proposed a new method for evaluating information standards implementation costs, based on information security controls.
|
topic |
security standards; cost-benefit methods; risk analysis; vulnerability analysis; gap analysis; impact |
url |
http://journals.vgtu.lt/index.php/TEDE/article/view/634 |