- Title
On metrics and prioritization of investments in hardware security.
- Authors
Collier, Zachary A.; Briglia, Brett; Finkelston, Tom; Manasco, Mark C.; Slutzky, David L.; Lambert, James H.
- Abstract
The security risks posed by electronics are numerous. There are typically a variety of risk‐reducing countermeasures for a given system or across an enterprise. Each countermeasure is associated with both a level of risk reduction and its lifecycle costs. Given budgetary constraints, risk managers and systems engineers must determine what combinations of countermeasures cost‐effectively maximize risk reduction, and what metrics best guide the investment process. In this paper, we seek to answer these questions through exploration of risk reduction metrics from the field of security economics, including the benefit/cost ratio, return on security investment (ROSI), expected benefit of information security (EBIS), and expected net benefit of information security (ENBIS). The results suggest that ratio‐based metrics are not strongly correlated with risk reduction, while EBIS is equivalent to risk reduction and ENBIS is equal to risk reduction minus cost.
- Subjects
INFORMATION technology security; RISK managers; SYSTEMS engineering; COST control
- Publication
Systems Engineering, 2023, Vol 26, Issue 4, p425
- ISSN
1098-1241
- Publication type
Article
- DOI
10.1002/sys.21667