Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Assessing Future Value of Investments in Security-Related IT Governance Control Objectives: Surveying IT Professionals
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.ORCID iD: 0000-0003-3922-9606
2011 (English)In: Electronic Journal of Information Systems Evaluation, ISSN 1566-6379, E-ISSN 1566-6379, Vol. 14, no 2, 216-227 p.Article in journal (Refereed) Published
Abstract [en]

Optimizing investments in IT governance towards a better information security is an understudied topic in the academic literature. Further, collecting empirical evidence by surveying IT professionals on their relative opinion in this matter has not yet been explored to its full potential. This paper has tried to somewhat overcome this gap by surveying IT professionals on the expected future value from investments in security‑related IT governance control objectives. The paper has further investigated if there are any control objectives that provide more value than others and are therefore more beneficial to invest in. The Net Present Value (NPV) technique has been used to assess the IT professional’s relative opinion on the generated future value of investments in 19 control objectives. The empirical data was collected through a survey distributed to professionals from the IT security, governance and/or assurance domain and analyzed using standard statistical tools. The results indicate that the vast majority of investments in control objectives is expected to yield a positive NPV, and are beneficial to an organization. This result implies that investments in control objectives are expected to generate future value for a firm, which is an important finding since many of the benefits from an investment are indirectly related and may occur well into the future. The paper moreover contributes in strengthening the link between IT governance and information security.

Place, publisher, year, edition, pages
2011. Vol. 14, no 2, 216-227 p.
Keyword [en]
IT governance, control objectives, information security, net present value
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
URN: urn:nbn:se:kth:diva-100996OAI: oai:DiVA.org:kth-100996DiVA: diva2:546054
Note

QC 20120919

Available from: 2012-08-22 Created: 2012-08-22 Last updated: 2017-12-07Bibliographically approved

Open Access in DiVA

No full text

Other links

http://www.ejise.com/volume14/issue2

Authority records BETA

Ekstedt, Mathias

Search in DiVA

By author/editor
Rocha Flores, WaldoSommestad, TeodorHolm, HannesEkstedt, Mathias
By organisation
Industrial Information and Control Systems
In the same journal
Electronic Journal of Information Systems Evaluation
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 86 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf