Abstract
Organisational IT security spending is expected to increase substantially in the next few years. The challenge for IT managers and CIOs continues to grow in terms of allocating IT security investments across competing projects, products, or initiatives. Past approaches suggest use of sorting mechanism based on the analytic hierarchy process (AHP) to allocate resources across portfolio of IT security applications. It has also been suggested that using cost-benefit ratio provides a better way to prioritise resource allocations. Using the case of resource allocation for IT security at a large financial institution, we show that optimisation is a better approach than sorting to allocate IT security resources. We also show that cost-benefit ratio is not always the most effective way for evaluating IT security resource allocations. The findings of this study have significant implications for IT security managers who often face the challenge of maintaining balance between IT security budget and addressing maximum number of potential vulnerabilities.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Business Information Systems
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
