Full Text Available
Note: Clicking the button above will open the full text document at the original institutional repository in a new window.
The economics of information security
Dissertation (MSc)--University of Pretoria, 2010.
Saved in:
| Other Authors: | |
|---|---|
| Format: | Thesis |
| Published: |
University of Pretoria
2013
|
| Subjects: | |
| Tags: |
No Tags, Be the first to tag this record!
|
| _version_ | 1867613652532592641 |
|---|---|
| access_status_str | Open Access |
| author2 | Eloff, Jan H.P. |
| author_browse | Eloff, Jan H.P. |
| author_facet | Eloff, Jan H.P. |
| collection | Thesis |
| dc_rights_str_mv | © 2010, University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. |
| description | Dissertation (MSc)--University of Pretoria, 2010. |
| format | Thesis |
| id | oai:repository.up.ac.za:2263/28060 |
| institution | University of Pretoria (South Africa) |
| last_indexed | 2026-06-10T12:39:33.363Z |
| license_str | Other — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from UPSpace — University of Pretoria Institutional Repository |
| publishDate | 2013 |
| publishDateRange | 2013 |
| publishDateSort | 2013 |
| publisher | University of Pretoria |
| publisherStr | University of Pretoria |
| record_format | dspace |
| source_str | UPSpace — University of Pretoria Institutional Repository |
| spelling | oai:repository.up.ac.za:2263/28060 The economics of information security Eloff, Jan H.P. mdlamini@cs.up.ac.za Dlamini, Moses Thandokuhle Broad control categories Information security standards Budget constraints Information security Information security investment Information security budget Information security controls Regulatory compliance and cost indicators UCTD Dissertation (MSc)--University of Pretoria, 2010. In the year 2008, world markets suffered a huge economic crisis. The extent of the economic crisis has been so severe and has had a global impact. As a contingency strategy, governments of wealthy nations have resorted to extensive bailouts and rescue packages to stop organisations from going bankrupt. A skyrocketing amount of money has been spent on rescue packages and bailouts for the tumbling organisations. However, this could not stop some of the world’s wealthiest financial institutions e.g. Lehman Brothers, Northern Rock, etc from collapsing. Most of the surviving organisations froze their expenditure, implemented cost-cutting measures and in the process, numerous employees lost their jobs. Executives were compelled to ‘achieve more with less’ in order to save their organisations from going bankrupt. It is on this premise that this research proposed the BC3I (Broad Control Category Cost Indicators) model, which is a step towards ‘achieving more with less’ within information security budgeting. The tumbling world markets and increased requirements for legal and regulatory compliance have made this a timely and relevant research that addressed a current, spot-on and global problem. The BC3I model as the main outcome of this research has indeed come at the right time. The BC3I model as proposed in this research makes a real contribution towards assisting information security managers as they make informed decisions regarding the optimal and cost-effective allocation of financial resources to information security activities. The proposed model can be argued to be a good start towards the selection of appropriate controls to optimally and cost-effectively protect organisations’ information assets and simultaneously achieve compliance with legal and regulatory mandates. As a proof of concept, the practicality of the BC3I model has been demonstrated in three different scenarios. The model has been illustrated for an organisation chosen from the financial sector; being the hardest hit by the economic crisis. Furthermore, the financial sector is chosen because of its high reliance on information security for the most obvious reasons that of dealing with money and confidential customer information. Finally and for acceptance purposes, the model has been discussed and reviewed by industry experts from the financial sector. Copyright Computer Science unrestricted 2013-09-07T12:48:59Z 2010-09-20 2013-09-07T12:48:59Z 2010-09-02 2010-09-20 2010-09-20 Dissertation Dlamini, MT 2010, The economics of information security, MSc dissertation, University of Pretoria, Pretoria, viewed yymmdd < http://hdl.handle.net/2263/28060 > E10/535/gm http://hdl.handle.net/2263/28060 http://upetd.up.ac.za/thesis/available/etd-09202010-174918/ © 2010, University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. application/pdf University of Pretoria |
| spellingShingle | Broad control categories Information security standards Budget constraints Information security Information security investment Information security budget Information security controls Regulatory compliance and cost indicators UCTD The economics of information security |
| title | The economics of information security |
| title_full | The economics of information security |
| title_fullStr | The economics of information security |
| title_full_unstemmed | The economics of information security |
| title_short | The economics of information security |
| title_sort | economics of information security |
| topic | Broad control categories Information security standards Budget constraints Information security Information security investment Information security budget Information security controls Regulatory compliance and cost indicators UCTD |
| url | http://hdl.handle.net/2263/28060 http://upetd.up.ac.za/thesis/available/etd-09202010-174918/ |