IT Security Investment and Costing Emphasizing Benefits in Times of Limited Budgets

  • Mechthild Stöwer
  • Reiner Kraft


This article addresses different approaches for IT security investment cost-benefit analyses and argues calculation approaches that focus on the contribution of IT security procedures to support business process productivity. Several examples show opportunities how to generate economic revenues through appropriate security investments. These examples may serve as blueprints helping IT security mangers to claim appropriate budgets. Open issues are identified for developing more reliable and convincing cost-benefit analysis methods for security investments.


Business Process Smart Card Limited Budget Security Investment Security Incident 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [Brec12]
    Brecht, Matthias; Nowey, Thomas: A Closer Look at Information Security Costs, Workshop on the economics of information security, WEIS conference 2012Google Scholar
  2. [Blu04]
    Blumberg, H., Pohlmann, N.: Der IT-Sicherheitsleitfaden, Bonn 2004Google Scholar
  3. [Fais07]
    Faisst, U., Prokein, O., Wegmann, N.: Ein Modell zur dynamischen Investitionsrechnung von IT-Sicherheitsmaßnahmen, in Zeitschrift für Betriebswirtschaft, 77:511-538, 2007Google Scholar
  4. [Gada06]
    Gadatsch, A., Uebelacker, H.; Wirtschaftlichkeitsbetrachtungen für IT-Security-Projekte in Mörike, M., Teufel, S (Hrsg.); Kosten & Nutzen von IT-Sicherheit, Heidelberg 2006Google Scholar
  5. [Hoo00]
    Hoo, Soo K.: “How Much is Enough? A Risk-Management Approach to Computer Security,” Stanford 2000Google Scholar
  6. [Neub09]
    Neubauer, T.: On the singularity of valuating IT security investments, Eighth IEEE/ACIS International Conference on Computer and Information Science, p. 549-556, 2009Google Scholar
  7. [Pohl06]
    Pohlmann, N.: Wirtschaftlichkeitsbetrachtungen von IT-Sicherheitsmechanismen,
  8. [Sonn06]
    Sonnenreich, W.: Return On Security Investment (ROSI): A Practical Quantitative Model, Journal of Research and Practice in Information Technology, Volume 38, issue 1, 2006Google Scholar

Copyright information

© Springer Fachmedien Wiesbaden 2012

Authors and Affiliations

  1. 1.Fraunhofer-Institute for Secure Information Technology SITDarmstadtGermany

Personalised recommendations