hig.sePublikationer
Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard-cite-them-right
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • sv-SE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • de-DE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Adding value to business performance through cost benefit analyses of information security investments: MBA-thesis in marketing
Högskolan i Gävle, Institutionen för ekonomi.
2007 (Engelska)Självständigt arbete på grundnivå (kandidatexamen), 10 poäng / 15 hpStudentuppsats
Abstract [en]

The purpose of this thesis is to present an approach for good practice with regards to using cost benefit analysis (CBA) as a value-adding activity in the information security investment process for large enterprises. The approach is supported by empirical data.

From a MIO model perspective, this report is focused on the phase of strategic choices regarding organization, i.e. trying to find optimal investments for efficient operations. To assess, improve and monitor the operational effectiveness and management’s internal control environment is essential in today’s business execution. Executive management and boards are increasingly looking for an information security governance framework that encompasses information technology and information security: a single framework through which all information assets and activities within the organisation can be governed, to provide the optimum capability for meeting the organisation’s objectives, in terms of functionality and security.

The investment decision is one of the most visible and controversial key decisions in an enterprise. Some projects are approved, others are bounced, and the rest enter the organisational equivalent of suspended animation with the dreaded request from the decision makers to “redo the business case” or “provide more information.”

The concept of cost benefit analyses of information security helps management to make decisions on which initiatives to fund with how much, as there needs to be an approach for measuring and comparing different alternatives and how they meet business objectives of the enterprise. Non-financial metrics are identified using different approaches: governance effectiveness, risk analysis, business case analysis or game theory. The financial performance metrics are driven by the main value disciplines of an enterprise. These lead to the use of formulas enabling the measurement of asset utilisation, profit or growth: ROI (ROIC), NPV, IRR (MIRR), FCF, DCF, Payback Period, TCO, TBO, EVA, and ROSI.

The author shows research in the field of good corporate governance and the investment approval process, as well as case studies from two multinational enterprises. The case from Motorola demonstrates how IT governance principles are equally applicable to information security governance, while the case from Ericsson demonstrates how an information security investment decision can be supported by performing a cost benefit analysis using traditional marketing approaches of business case analysis (BCA) and standard financial calculations.

The suggested good practice presented in this thesis is summarised in four steps:

1. Understand main rationale for the security investment

2. Identify stakeholders and strategic goals

3. Perform Cost Benefit Analysis (non-financial and financial performance metrics)

4. Validate that the results are relevant to stakeholders and strategic goals

DISCLAIMER

This report is intended for academic training only and should not be used for any other purposes. The contents are not to be considered legal or otherwise professional advice. No liability is taken, whatsoever, by the author.

Ort, förlag, år, upplaga, sidor
2007. , s. 58
Nyckelord [en]
cost benefit analysis, information security investment, TBO, EVA, ROSI, business performance, business case, information technology, ROI (ROIC), NPV, IRR (MIRR), FCF, DCF, Payback Period, TCO
Nationell ämneskategori
Ekonomi och näringsliv
Identifikatorer
URN: urn:nbn:se:hig:diva-238Arkivnummer: E3BA: DiVA 102/07OAI: oai:DiVA.org:hig-238DiVA, id: diva2:119787
Uppsök
samhälle/juridik
Handledare
Tillgänglig från: 2007-12-18 Skapad: 2007-12-18

Open Access i DiVA

fulltext(539 kB)3980 nedladdningar
Filinformation
Filnamn FULLTEXT01.pdfFilstorlek 539 kBChecksumma MD5
8a877376d83ae622681e1b4114c8b458d23cd5a6979f8040f7d8973ec7ed855bee05dbd9
Typ fulltextMimetyp application/pdf

Av organisationen
Institutionen för ekonomi
Ekonomi och näringsliv

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 3980 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

urn-nbn

Altmetricpoäng

urn-nbn
Totalt: 3212 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard-cite-them-right
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • sv-SE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • de-DE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf