Value creation and return on security investments (ROSI)
2007 (English)In: New Approaches for Security, Privacy and Trust in Complex Environments / [ed] Venter, H; Eloff, M; Labuschagne, L; Eloff, J; VonSolms, R, 2007, Vol. 232, 25-35 p.Conference paper (Refereed)
This paper investigates if IT security is as a part of value creation. The first part of the commentary focuses on the current theoretical conditions for IT security as a part of value creation. Different Return On Security Investment (ROSI) models are studied to investigate if they can calculate value creation with regard either to efficiency or to effectiveness. The second part of the paper investigates empirical evidence of a ROSI or any indication of a shareholder value perspective on IT security in three large, listed companies from different business segments. What they have in common is their first priority: value creation. The commentary begins by describing the "Productivity Paradox". It is followed by the most well-known ROSI models. Then, it explains the models applicability in value creation. Next, the three companies in the study are investigated. In the following section conclusions are drawn. Finally, the results of the research are discussed.
Place, publisher, year, edition, pages
2007. Vol. 232, 25-35 p.
, International Federation For Information Processing, ISSN 1571-5736 ; 232
Computer and Information Science
IdentifiersURN: urn:nbn:se:kth:diva-40710ISI: 000246676500003ScopusID: 2-s2.0-36248980334ISBN: 978-0-387-72366-2OAI: oai:DiVA.org:kth-40710DiVA: diva2:442700
22nd International Information Security Conference Location: Sandton, South Africa, Date: MAY 14-16, 2007