Abstrakt
Contemporary approaches to the estimation of cybersecurity costs in organisations tend to focus on the cost of incidents or technological investments. However, there are other, less transparent costs related to cybersecurity management that need to be properly recognised in order to get a complete picture. These costs are associated with everyday activities and the time spent by employees on cybersecurity-related actions. Such costs constitute a substantial component of cybersecurity expenditures, but because they become evident only during scrupulous analyses, often they are neglected. This paper presents new developments on CAsPeA - a method which enables estimating the cost of these activities based on a model derived from the Activity-Based Costing (ABC) and the NIST SP 800-53 guidelines. The application of the method is illustrated by a case study of a civil engineering enterprise. The method's evaluation based on comparative analysis in respect to SQUARE is described.
Cytowania
-
3
CrossRef
-
0
Web of Science
-
1
Scopus
Autorzy (2)
Cytuj jako
Pełna treść
- Wersja publikacji
- Accepted albo Published Version
- Licencja
- Copyright (2020 Springer Nature Switzerland AG)
Słowa kluczowe
Informacje szczegółowe
- Kategoria:
- Aktywność konferencyjna
- Typ:
- publikacja w wydawnictwie zbiorowym recenzowanym (także w materiałach konferencyjnych)
- Tytuł wydania:
- Information Systems Security strony 267 - 287
- Język:
- angielski
- Rok wydania:
- 2020
- Opis bibliograficzny:
- Leszczyna R., Litwin A.: Estimating the Cost of Cybersecurity Activities with CAsPeA: A Case Study and Comparative Analysis// / : , 2020, s.267-287
- DOI:
- Cyfrowy identyfikator dokumentu elektronicznego (otwiera się w nowej karcie) 10.1007/978-3-030-65610-2_17
- Weryfikacja:
- Politechnika Gdańska
wyświetlono 108 razy