CONTROLS-BASED APPROACH FOR EVALUATION OF INFORMATION SECURITY STANDARDS IMPLEMENTATION COSTS

摘要

According to the PricewaterhouseCoopers analysis, the average cost of a single information security and data protections breaches has increased twice during 2015 (Pricewaterhouse Coopers 2015). Amount of organizations who reported serious breach has also risen (from 9% in 2015 to 17% in 2016) (PricewaterhouseCoopers 2016). To achieve their goals criminals are using different techniques starting from Social engineering (phishing, whaling) and finishing with malware execution (such as ransomware) on target machines. Recent attacks (attack on Central Bank of Bangladesh, fraud attack on Mattel CEO and attack on Thailand state-run Government bank ATM) show, that criminals are very well organized, equipped and spend a lot of money and time to prepare their attacks. To protect themselves organizations are required to ensure security in depth principles and implement complex Security solutions, which are able to ensure the needed level of information security in appropriate costs.