In the contemporary, knowledge-based economy, enterprises are forced to bear the costs related to cybersecurity. While breaches negatively affect companies' budgets, accurate decisions on security investments result in visible savings. At the same time, cybersecurity cost assessment methods that support these decisions are lacking. Caspea addresses the gap by enabling the estimation of costs related to personnel activities involved in cybersecurity management. In this paper, new advancements in the research related to the construction of an ISO/IEC 27001-based costing model are described. This includes revising cost centres based on the ISO27k RASCI matrix, minimising input and output data, or implementing a new calculation spreadsheet that contains substantial changes compared to its previous editions. A comparative analysis with the earlier version of Caspea has been performed. The application of the new model to a woodworking company is illustrated. The results show gradual extension and the broader scope of the Caspea framework.
Autorzy
Informacje dodatkowe
- DOI
- Cyfrowy identyfikator dokumentu elektronicznego link otwiera się w nowej karcie 10.62036/isd.2024
- Kategoria
- Aktywność konferencyjna
- Typ
- publikacja w wydawnictwie zbiorowym recenzowanym (także w materiałach konferencyjnych)
- Język
- angielski
- Rok wydania
- 2024
Źródło danych: MOSTWiedzy.pl - publikacja "ISO/IEC 27001-Based Estimation of Cybersecurity Costs with Caspea" link otwiera się w nowej karcie
