Abstract
In the contemporary, knowledge-based economy, enterprises are forced to bear the costs related to cybersecurity. While breaches negatively affect companies' budgets, accurate decisions on security investments result in visible savings. At the same time, cybersecurity cost assessment methods that support these decisions are lacking. Caspea addresses the gap by enabling the estimation of costs related to personnel activities involved in cybersecurity management. In this paper, new advancements in the research related to the construction of an ISO/IEC 27001-based costing model are described. This includes revising cost centres based on the ISO27k RASCI matrix, minimising input and output data, or implementing a new calculation spreadsheet that contains substantial changes compared to its previous editions. A comparative analysis with the earlier version of Caspea has been performed. The application of the new model to a woodworking company is illustrated. The results show gradual extension and the broader scope of the Caspea framework.
Citations
-
0
CrossRef
-
0
Web of Science
-
0
Scopus
Author (1)
Cite as
Full text
- Publication version
- Accepted or Published Version
- DOI:
- Digital Object Identifier (open in new tab) 10.62036/ISD.2024
- License
- open in new tab
Keywords
Details
- Category:
- Conference activity
- Type:
- publikacja w wydawnictwie zbiorowym recenzowanym (także w materiałach konferencyjnych)
- Language:
- English
- Publication year:
- 2024
- Bibliographic description:
- Leszczyna R.: ISO/IEC 27001-Based Estimation of Cybersecurity Costs with Caspea// / : , 2024,
- DOI:
- Digital Object Identifier (open in new tab) 10.62036/isd.2024
- Sources of funding:
-
- Free publication
- Verified by:
- Gdańsk University of Technology
seen 14 times