Standard approach for quantification of the ICT security investment for cybercrime prevention

摘要

With rise of the potential risks from different cyberattacks on the ICT systems the investment in security technology is growing and is becoming a serious economic issue to many organizations. The assessment of the appropriate investment that is economically affordable and provides enough protection of the enterprise information system is an issue that is analysed in this paper. Identification of the assets, the threats, the vulnerabilities of the ICT systems are presented and the methods for quantification of the necessary investment. The paper concludes with a recommendation for a standard approach for optimal selection of security technology investment.