With powerful regulations surrounding security and privacy of information, the authors attempt to identify challenges valuing information security investments. The authors examine three primary approaches to measuring information value: Perceived, Real, and Normative. Literature is reviewed and the approaches are examined in terms of their strengths and weaknesses in providing value measurements for secure information systems. A framework is presented to suggest at what level in an organization and in what situations these information value approaches are most suitable.
Coulson, Tony; Zhu, Jake; Miyuan, Shan; and Rohm, Tapie
"The Price of Security: The Challenge of Measuring Business Value Investments in Securing Information Systems,"
Communications of the IIMA: Vol. 5
, Article 3.
Available at: http://scholarworks.lib.csusb.edu/ciima/vol5/iss4/3