Comparison of the Most Important Models of Investments in Cyber and Information Security

Result identifiers

  • Result code in IS VaVaI

    RIV/00216305:26510/22:PU145351 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26510%2F22%3APU145351)

  • Result on the web

    https://trends.fbm.vutbr.cz/index.php/trends/article/view/621

  • DOI - Digital Object Identifier

    10.13164/trends.2022.39.25 (http://dx.doi.org/10.13164/trends.2022.39.25)

Alternative languages

  • Result language

    English

  • Title in the original language

    Comparison of the Most Important Models of Investments in Cyber and Information Security

  • Description of the result in the original language

    Purpose of the article: Cyber security has become a key factor in determining the success or failure of companies that rely on information systems. However, this entails considerable investment. Typical investments in information technology aim to create value, while investments in cyber security aim to minimise losses caused by cyber-attacks. In the case of investment in cyber and information security, therefore, we must evaluate the amount of loss that will never actually occur. This is a complicated problem, and several approaches have been proposed over the years to estimate the cost-benefit balance of security investments. Methodology/methods: This paper is based on previous research (Podešva et al., 2021), where the two most used methods, ROI / ROSI (Bojanc, 2008) and the Gordon-Loeb model (Gordon, Loeb, 2002), were identified in the field of investments in cyber and information security. Both methods are described and the advantages and limitations for further research are identified. Scientific aim: The main goal is to select the most suitable method for further research in the field of investment in cyber and information security. Findings: ROI / ROSI does not seem suitable for further research because it only tells us what percentage of return on investment will be provided during a given period. The separate use of this method (ROI / ROSI) provides us with very limited results and it is necessary to combine it with other methods. On the other hand, the Gordon-Loeb model is much more complex despite several limitations, especially for coefficients λ and t. Further research will therefore focus on the constant t (probability of attack on a given information set) and its value will be modelled based on the SIR epidemic model on network with standard incidents (Podešva, Koch 2019). Conclusions: At present, there is no standardised approach to decision-making and the size of investments in cyber and informatio


Classification

  • Type

    J<sub>ost</sub> - Other articles in peer-reviewed periodicals

  • CEP field

  • OECD FORD field

    50203 - Industrial relations

Result linkages

  • Project

    EF19_073/0016948: Kvalitní interní granty VUT (/cs/project/EF19_073%2F0016948)

  • Linkages

    P - Research and development project financed from public funds (with a link to CEP)
    S - Specific research at universities

Other

  • Year of application

    2022

  • Data confidentiality code

    S - Complete and true data on the project are not subject to protection under special legal regulations

Data specific to the result type

  • Periodical name

    TRENDY EKONOMIKY A MANAGEMENTU

  • ISSN

    1802-8527

  • e-ISSN

  • Periodical volume

    16

  • Issue number within the volume

    39

  • Country of the periodical's publisher

    CZ - Czech Republic

  • Number of pages of the result

    10

  • Pages from-to

    25-34

  • UT WoS code of the article

  • EID of the result in the Scopus database