Cybersecurity is one of the most critical sectors of information systems and is considered a strategic priority for many Organizations. Information security investments are a crucial aspect of cybersecurity. However, it often happens that the economic decisions, which aim to improve information security, have poor efficiency. One reason is the lack of background on economics of the Chief Information Security Officers who are often not familiar with the evaluation of the non-technical aspects of security, e.g. economics. The other reason is the cultural gap between the different persons related to business management and administration. In this paper we present an interactive - simulation software designed to familiarize the aforementioned persons with information security investments. The software is actually a game that aims to boost learning for all the stakeholders who are involved in the investment process. Α better understanding of the processes, the technical, economic and human factors, along with the cultural convergence of the stakeholders will help boost the efficiency of investments. Design Science is used as the research method. The creative method, a brainstorming technique, is combined with the five steps of Design Science, i.e. explicate the problem, define the requirements, design and develop the artefact, demonstrate the artefact, and evaluate the artefact, to develop a process framework that will be able to cope with this problem. The artefact is an interactive-simulation platform in which a person could take the decision maker role and (a) deal with events that happen and (b) investigate different aspects of information security investment complexity. The evaluation of the artefact is made with a case study in the Industry, where real world data are used to feed the simulation and real-world decision makers play the game in order to better understand the different aspects of the problem and help us trim and enhance the functioning of the platform. Finally, limitations are elaborated and future work is also discussed.
Read full abstract