Publication: Economic valuation for information security investment: a systematic literature review

Looks like Information Systems Frontiers – A Journal of Research and Innovation published one of my papers. This one takes a systematic look at the literature on measuring the value of information security in organisations.

Research on technological aspects of information security risk is a well-established area and familiar territory for most information security professionals. The same cannot be said about the economic value of information security investments in organisations. While there is an emerging research base investigating suitable approaches measuring the value of investments in information security, it remains difficult for practitioners to identify key approaches in current research. To address this issue, we conducted a systematic literature review on approaches used to evaluate investments in information security. Following a defined review protocol, we searched several databases for relevant primary studies and extracted key details from the identified studies to answer our research questions. The contributions of this work include: a comparison framework and a catalogue of existing approaches and trends that would help researchers and practitioners navigate existing work; categorisation and mapping of approaches according to their key elements and components; and a summary of key challenges and benefits of existing work, which should help focus future research efforts. (Source)

Thanks once more to Dr. Rabih Bashroush for being a great co-author!

I’m also making the draft manuscript of the paper available here.