hig.sePublikasjoner
Endre søk
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • harvard-cite-them-right
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • sv-SE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • de-DE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Adding value to business performance through cost benefit analyses of information security investments: MBA-thesis in marketing
Högskolan i Gävle, Institutionen för ekonomi.
2007 (engelsk)Independent thesis Basic level (degree of Bachelor), 10 poäng / 15 hpOppgave
Abstract [en]

The purpose of this thesis is to present an approach for good practice with regards to using cost benefit analysis (CBA) as a value-adding activity in the information security investment process for large enterprises. The approach is supported by empirical data.

From a MIO model perspective, this report is focused on the phase of strategic choices regarding organization, i.e. trying to find optimal investments for efficient operations. To assess, improve and monitor the operational effectiveness and management’s internal control environment is essential in today’s business execution. Executive management and boards are increasingly looking for an information security governance framework that encompasses information technology and information security: a single framework through which all information assets and activities within the organisation can be governed, to provide the optimum capability for meeting the organisation’s objectives, in terms of functionality and security.

The investment decision is one of the most visible and controversial key decisions in an enterprise. Some projects are approved, others are bounced, and the rest enter the organisational equivalent of suspended animation with the dreaded request from the decision makers to “redo the business case” or “provide more information.”

The concept of cost benefit analyses of information security helps management to make decisions on which initiatives to fund with how much, as there needs to be an approach for measuring and comparing different alternatives and how they meet business objectives of the enterprise. Non-financial metrics are identified using different approaches: governance effectiveness, risk analysis, business case analysis or game theory. The financial performance metrics are driven by the main value disciplines of an enterprise. These lead to the use of formulas enabling the measurement of asset utilisation, profit or growth: ROI (ROIC), NPV, IRR (MIRR), FCF, DCF, Payback Period, TCO, TBO, EVA, and ROSI.

The author shows research in the field of good corporate governance and the investment approval process, as well as case studies from two multinational enterprises. The case from Motorola demonstrates how IT governance principles are equally applicable to information security governance, while the case from Ericsson demonstrates how an information security investment decision can be supported by performing a cost benefit analysis using traditional marketing approaches of business case analysis (BCA) and standard financial calculations.

The suggested good practice presented in this thesis is summarised in four steps:

1. Understand main rationale for the security investment

2. Identify stakeholders and strategic goals

3. Perform Cost Benefit Analysis (non-financial and financial performance metrics)

4. Validate that the results are relevant to stakeholders and strategic goals

DISCLAIMER

This report is intended for academic training only and should not be used for any other purposes. The contents are not to be considered legal or otherwise professional advice. No liability is taken, whatsoever, by the author.

sted, utgiver, år, opplag, sider
2007. , s. 58
Emneord [en]
cost benefit analysis, information security investment, TBO, EVA, ROSI, business performance, business case, information technology, ROI (ROIC), NPV, IRR (MIRR), FCF, DCF, Payback Period, TCO
HSV kategori
Identifikatorer
URN: urn:nbn:se:hig:diva-238Arkivnummer: E3BA: DiVA 102/07OAI: oai:DiVA.org:hig-238DiVA, id: diva2:119787
Uppsök
samhälle/juridik
Veileder
Tilgjengelig fra: 2007-12-18 Laget: 2007-12-18

Open Access i DiVA

fulltekst(539 kB)3976 nedlastinger
Filinformasjon
Fil FULLTEXT01.pdfFilstørrelse 539 kBChecksum SHA-1
979f8040f7d8973ec7ed855bee05dbd98a877376d83ae622681e1b4114c8b458d23cd5a6
Type fulltextMimetype application/pdf

Av organisasjonen

Søk utenfor DiVA

GoogleGoogle Scholar
Totalt: 3976 nedlastinger
Antall nedlastinger er summen av alle nedlastinger av alle fulltekster. Det kan for eksempel være tidligere versjoner som er ikke lenger tilgjengelige

urn-nbn

Altmetric

urn-nbn
Totalt: 3212 treff
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • harvard-cite-them-right
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • sv-SE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • de-DE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf