Abstract
The amount of effort that can be expended on information security depends on funds available and management decisions. Organisations therefore have to prepare an annual budget for the maintenance and improvement of their information security systems. Two of the key issues that confront IT management, when dealing with IT security investments, are how to spend the IT security budget most effectively, and how to make the case for an increase in funds to maintain and further enhance information security. The aim of this paper is to present a quantitative framework as an alternative way of analysing IT security investments in a banking environment in order to address the two issues mentioned above. A two step framework is proposed. The first step utilizes a cluster analysis (CA) technique and the second step employs a linear programming technique called data envelopment analysis (DEA). The purpose of the clustering step is to ensure that evaluations are carried out in groups of homogenous bank branches while the purpose of the DEA model is to determine which of the branches make efficient use of the IT security resources available to them. Following a brief discussion of the proposed framework and techniques used, an illustrative example, based on a well known South African financial institution, is presented.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
