The purpose of this research is to
investigate the decision-making process for cybersecurity investments in
organizations through development and utilization of a digital cybersecurity
risk management framework. The initial article, Optimum Spending on
Cybersecurity Measures, published on Emerald Insight at https://www.emerald.com/insight/1750-6166.htm, contains the detailed literature review and the data results from
Phase I and Phase II of this research [1]. This article will
highlight the research completed in the area of organizational decision-making
on cybersecurity spend. Drawing on a review of additional studies, this
research uses a regression framework and case study methodology to
demonstrate that effective risk-based decisions are necessary when implementing
cybersecurity controls. Regression analysis, relating a dependent variable to
several independent variables, is used to explore the effectiveness of the
cybersecurity measures currently implemented in organizations. The focus of this article is on the strategic decisions made by
organizations when implementing cybersecurity measures. This research belongs
to the area of risk management and draws on various models within the fields of 1)
information security; 2) strategic management; and 3) organizational decision-making to determine optimum spending on
cybersecurity measures for risk-taking organizations. This research resulted in
the development
References
[1] Kissoon, T. (2019) Optimum Spending on Cybersecurity Measures. Transforming Government: People, Process and Policy, 14, 417-431. https://doi.org/10.1108/TG-11-2019-0112
[2] Dor, D. and Elovici, Y. (2016) A Model of the Information Security Investment Decision-Making Process. Computers & Security, 63, 1-13. https://doi.org/10.1016/j.cose.2016.09.006
[3] Rue, R., Pfleeger, S. and Ortiz, D. (2007) A Framework for Classifying and Comparing Models of Cyber Security Investment to Support Policy and Decision-Making. Sixth Workshop on the Economics of Information Security, Pittsburgh, 7-8 June 2007, 1-23.
[4] Cavusoglu, H., Mishra, B. and Raghunathan, S. (2004) A Model for Evaluating IT Security Investments. Communications of the ACM, 47, 87-92. https://doi.org/10.1145/1005817.1005828
[5] Cavusoglu, H., Raghunathan, S. and Raghunathan, W. (2008) Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment. Journal of Management Information Systems, 25, 281-304. https://doi.org/10.2753/MIS0742-1222250211
[6] Gordon, L.A. and Loeb, M.P. (2002) The Economics of Information Security Investment. ACM Transactions on Information and System Security, 5, 438-457. https://doi.org/10.1145/581271.581274
[7] Gordon, L.A., Loeb, M.P. and Zhou, L. (2016) Investing in Cybersecurity: Insights from the Gordon-Loeb Model. Journal of Information Security, 7, 49-59. http://dx.doi.org/10.4236/jis.2016.72004
[8] Huang, C.D., Hu, Q. and Behara, R.S. (2008) An Economic Analysis of the Optimal Information Security Investment in the Case of a Risk-Averse Firm. International Journal of Production Economics, 114, 793-804. https://doi.org/10.1016/j.ijpe.2008.04.002
[9] Purser, S.A. (2004) Improving the ROI of the Security Management Process. Computers & Security, 23, 542-546. https://doi.org/10.1016/j.cose.2004.09.004
[10] Finne, T. (1998) A Conceptual Framework for Information Security Management. Computers & Security, 17, 303-307. https://doi.org/10.1016/S0167-4048(98)80010-2
[11] Nazareth, D. and Choi, J. (2015) A System Dynamics Model for Information Security Management. Information & Management, 52, 123-134. https://doi.org/10.1016/j.im.2014.10.009
[12] Comes, T., Hiete, M., Wijngaards, N. and Schultmann, F. (2011) Decision Maps: A Framework for Multi Criteria Decision Support under Severe Uncertainty. Decision Support System, 52, 108-118. https://doi.org/10.1016/j.dss.2011.05.008
[13] Dutta, A. and McCrohan, K. (2002) Management’s Role in Information Security in a Cyber Economy. California Management, 45, 67-87. https://doi.org/10.2307/41166154
[14] Pettigrew, A. (2009) The Politics of Organizational Decision-Making. Routledge, London.
[15] Easterby-Smith, M., Thorpe, R. and Jackson, P.R. (2015) Management & Business Research. Sage, London.