Assessment of Enterprise Information Security — The Importance of Information Search Cost

Kauai, Hawaii January 04-January 07

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/HICSS.2006.67

Proceedings of the 39th Annual Hawaii ...

	This Article
	PURCHASE ARTICLE: $0 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Erik Johansson Articles by Mathias Ekstedt Articles by Pontus Johnson

	ASCII Text	x
	Erik Johansson, Mathias Ekstedt, Pontus Johnson, "Assessment of Enterprise Information Security — The Importance of Information Search Cost," Hawaii International Conference on System Sciences, vol. 9, pp. 219a, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06) Track 9, 2006.

	BibTex	x
	@article{ 10.1109/HICSS.2006.67, author = {Erik Johansson and Mathias Ekstedt and Pontus Johnson}, title = {Assessment of Enterprise Information Security — The Importance of Information Search Cost}, journal ={Hawaii International Conference on System Sciences}, volume = {9}, year = {2006}, issn = {1530-1605}, pages = {219a}, doi = {http://doi.ieeecomputersociety.org/10.1109/HICSS.2006.67}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Hawaii International Conference on System Sciences TI - Assessment of Enterprise Information Security — The Importance of Information Search Cost SN - 1530-1605 SP EP A1 - Erik Johansson, A1 - Mathias Ekstedt, A1 - Pontus Johnson, PY - 2006 KW - null VL - 9 JA - Hawaii International Conference on System Sciences ER -

Erik Johansson, Royal Institute of Technology

Mathias Ekstedt, Royal Institute of Technology

Pontus Johnson, Royal Institute of Technology

There are today several methods and standards available for assessment of the level of information security in an enterprise. A problem with these assessment methods is that they neither provide an indication of the amount of effort required to obtain the assessment nor an approximation of this measure?s credibility. This paper describes a part of a new method for assessing the level of enterprise information security expresses the credibility of the results in terms of confidence levels and make use of an estimation of the cost of searching for security evidence. Such methods for predicting information search cost of assessments are detailed in the paper. Search cost predictions are used for providing guidance on how to minimize the effort spent on performing enterprise information security assessments. The conclusions are based on a security assessment performed at a large European energy company and a statistical survey among Swedish security experts.

Citation:

Erik Johansson, Mathias Ekstedt, Pontus Johnson, "Assessment of Enterprise Information Security — The Importance of Information Search Cost," hicss, vol. 9, pp.219a, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06) Track 9, 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.