Modelo para medir el retorno sobre la inversión en seguridad informática y de la información - ROSI

Christian Angulo Rivera

doi:10.22490/25394088.4487

Vol. 14 No. 3 (2020): Número Especial

Published

2020-12-20

HTML (Spanish)

PDF (Spanish)

How to Cite

Angulo Rivera , C. (2020). Model to measure return on investment in computer and information security - ROSI. Publicaciones E Investigación, 14(3). https://doi.org/10.22490/25394088.4487

Download Citation

Metrics

Metrics Loading ...

Model to measure return on investment in computer and information security - ROSI

DOI: https://doi.org/10.22490/25394088.4487

Section

Original article

Christian Angulo Rivera Universidad Nacional Abierta y Distancia - UNAD

The following work tries to propose across a quantitative correlation investigation, a model to measure the return on the investment in IT security ROSI in the SMEs of Colombia, allowing hereby that the managers, leaders of technology and security, should have the necessary tools to determine in an objective way how to prioritize the investments, thinking always about the economic and operative well-being of the organization.

An important variable of this investigation is the understanding of the state in which they find the SMEs of Colombia in topics of IT security and of the information, since these topics are new due to the fact that scarcely they are starting listening to these terms, thanks to the quantity of news that relates to "Hackers" or losses of corporate information. In the city of Cali there is a great quantity of SMEs that are very focused on the development of their service or main function and do not have inside their radar a topic so delicate as it is that of the IT security and of the information.

Likewise, the aim is to make visible the security models that SMEs can use into account the advantages and disadvantages of their application. Although it is not mandatory for legally constituted organizations to implement security controls, there is a corporate responsibility for the delivery of an excellent product or service, which is only guaranteed if the information assets are correctly safeguarded.

Hidden and intangible costs generated due to lack of investment or planning in security investments are also presented. This allows SMEs to be aware that they can be victims of computer criminals or that losses can be generated due to the lack of training of their staff and all this due to the lack of implementation of controls, which ensure proper management on issues technological.

Cybersecurity, Information Security, Return on Investment in Security

GEDESCO. Consejos para proteger los datos de tu empresa Gedesco [en línea]. GEDESCO. Madrid. (23 de Junio de 2016). [Consultado: 15 de Mayo de 2018]. Disponible en Internet: https://www.gedesco.es/blog/consejos-proteger-datos- empresa/

GORDON, Lawrence A.; LOEB, Martin P. The economics of information security investment. [en lina] En. ACM Transactions on Information and System Security (TISSEC), Noviembre 2002, vol. 5, no 4, p. 440. [Consultado: 12 de noviembre de 2016]. Disponible en Internet: https://dl.acm.org/citation.cfm?id=581274

SONNENREICH, Wes, et al. Return on security investment (ROSI)-a practical quantitative model [En línea] En: Journal of Research and practice in Information Technology, 2006, vol. 38, no 1, p. 45. ISSN 1443458X. [Consultado: 27 de octubre de 2016]. Disponible en internet: http://ws.acs.org.au/jrpit/JRPITVolumes/JRPIT38/JRPIT38. 1.45.pdf

PHILLIPS, Patti P.; PHILLIPS, Jack J. Return on investment. Handbook of Improving Performance in the Workplace: Volumes 1-3, 2010, p. 823-846.

BÖHME, Rainer. Security metrics and security investment models. [en línea] En: International Workshop on Security. Universidad de Berkeley. 2010. Vol. 1 p. 10-24. [Consultado: 10 Marzo 2018]. Disponible en Internet: http://lyle.smu.edu/~tylerm/courses/econsec/reading/lnse- secinv2.pdf.

Angulo Rivera , C. (2020). Model to measure return on investment in computer and information security - ROSI. Publicaciones E Investigación, 14(3). https://doi.org/10.22490/25394088.4487

Download Citation

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

When the Publicaciones e Investigaciones Journal receives an original study or article from its author(s), whether by email, postal service, or the platforms available for said purpose, know that it may be published in physical or electronic formats in national or international archives, databases, or SIRES. As such, Publications and Research authorizes the reproduction and citation of said material, provided that the description of information is carried out in conformity with bibliographic norms, and mention the corresponding names, authors, article, issue, and pages. Publications and Research, in advance, expresses that the information, concepts, and methods are the responsibility of the author(s). As such, the UNAD does not have any influence whatsoever over that expressed in the manuscript.

Published

How to Cite

Model to measure return on investment in computer and information security - ROSI

Keywords