The costs and benefits related to cyber security breaches Chapter 3 – Gordon & Loeb.


2 Benefits of Cyber Security The benefits of cyber security are "essentially the cost savings associated with prevented cyber security breaches". So, to understand the benefits of cyber security, we must be able to quantify the costs associated with security breaches. We do this by examining the forms and magnitudes of cyber security breaches and the potential impact of each.

3 Costs of Cyber Security Attacks
Direct costs  Costs of the personnel, hardware and software dedicated to preventing, detecting and correcting specific breaches.
Indirect costs  Costs that cannot be linked directly to a single attack event; these include intrusion detection systems.
Explicit costs  Costs that can be measured in a specific way, e.g. firewalls, encryption, access controls and other technical activities that assure security, access and data integrity.
Implicit costs  Often opportunity costs, such as lost revenues, damage to reputation, potential legal liability, etc.

4 The Cyber Security Grid and Direct Costs Most studies conclude that the implicit costs of cyber security breaches are usually the highest. However, the 2004 Computer Security Institute/FBI survey found that organizations lost over $141 million in direct losses due to cyber security breaches. Many believe that very few companies actually report any breaches at all.
The cyber security grid (table from the slide; only the axes survive): breach type (rows): Confidentiality, Data availability, Data integrity; cost type (columns): Explicit costs, Implicit costs, each split into Direct costs and Indirect costs.

5 Approaches to Measure Impacts of Cyber Security Some studies have looked at the implicit costs in terms of the stock-market value of a company that has experienced a cyber security breach. A study published in the Journal of Computer Security in 2003 found that attacks involving confidentiality had a negative impact of about 5% on the value of the stock. That is a loss of $5,000,000,000 for a company the size of Wal-Mart or Exxon Mobil.

6 Some Findings The authors observe (p. 65) that: "It is a myth to assume that all cyber security breaches have a significant economic impact on organizations. The reality is that a large portion of cyber security breaches does not have an economic impact on organizations." However, confidentiality attacks do have an impact.

7 Your Turn!