A Method for Estimating the Financial Impact of Cyber Information Security Breaches Utilizing the Common Vulnerability Scoring System and Annual Loss Expectancy
Abstract
Information security is relatively new field that is experiencing rapid growth in terms of malicious attack frequency and the amount of capital that firms must spend on attack defense. This rise in security expenditures has prompted corporate leadership teams to scrutinize corporate security budgets. Information security risk, and the related financial impact, is not as easily calculated as other traditional sources of enterprise risk.
This research provides one method by which a firm may calculate the likelihood of a successful cyber security attack and the resulting financial impacts. The method incorporates annual loss expectancy and cost-benefit, which are tools familiar to most mid-level managers responsible for budget creation.
Collections
Items in KU ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
We want to hear from you! Please share your stories about how Open Access to this item benefits YOU.