Can spending on information security be justified? Evaluating the security spending decision from the perspective of a rational actor

Information Management & Computer Security, Volume 20 (4): 15 – Oct 5, 2012

Publisher: Emerald Publishing

Copyright: Copyright © 2012 Emerald Group Publishing Limited. All rights reserved.

ISSN: 0968-5227

DOI: 10.1108/09685221211267675

Abstract

Purpose – The purpose of this paper is to investigate the optimality of various strategies for spending on information security. Being able to understand the strengths and weaknesses of spending strategies is useful to organizations.

Design/methodology/approach – The author's analysis begins with a whole‐systems view of the security spending decision that encompasses people, technology, and economics and a taxonomy of justifications is presented for spending on information security. Each justification within the taxonomy is discussed, with that analysis used to examine the apparent rationality of a number of common spending strategies. A model is constructed that can be used in a practical manner to enable an organization to select a rational approach to spending on information security.

Findings – The author describes two spending strategies intended to be simple and straightforward for an organization to employ in a practical manner. These strategies account for a number of weaknesses in common justifications for spending on information security. They also take into consideration the observation that a number of pressures push companies towards inefficiency in their spending.

Originality/value – When faced with budgeting decisions, managers are bound by fiduciary duty to identify those investments that will maximize shareholder value. As such, decisions about spending must be carefully considered and evaluated in rational economic terms. This paper provides useful thinking on this important topic.

Journal

Information Management & Computer Security, Emerald Publishing

Published: Oct 5, 2012

Keywords: Data security; Information management; Costs; Decision making; Information security; Information systems; Spending strategies; Efficiency; Incentives; Psychology; Economics
