A methodology for cost-benefit analysis of information security technologies

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Although information security technologies (such as digital rights management products) has been proven effective and successful in protecting the confidentiality of sensitive information by providing access control, these technologies have not been widely adopted and used to their potential. One reason for this could be that cost and benefit of these products have not been analysed in a systematic and quantitative manner to date. As a result, companies do not have an established procedure to evaluate the cost and benefit of implementing these products. In this document, the benefits of implementing a digital rights management product in enterprises are quantified using stochastic Petri nets models and are compared with the security needs of a corporation and potential costs incurred by the implementation process. An evaluating procedure for implementing these products is established. This procedure has the potential to be used to improve the ability of a corporation to make sensible security investment decisions

Measuring attitude towards personal data for adaptive cybersecurity

Purpose: This paper presents an initial development of a Personal Data Attitude (PDA) measurement instrument based on established psychometric principles. The aim of the research was to develop a reliable measurement scale for quantifying and comparing attitudes towards personal data that can be incorporated into cybersecurity behavioral research models. Such a scale has become necessary for understanding individuals’ attitudes towards specific sets of data as more technologies are being designed to harvest, collate, share and analyze personal data. Design/methodology/approach: An initial set of 34 five-point Likert style items were developed with 8 sub-scales and administered to participants online. The data collected were subjected to Exploratory and Confirmatory factor analysis and some MANOVA. The results are consistent with multi-dimensionality of attitude theories and suggest the adopted methodology for the study is appropriate for future research with a more representative sample. Findings: Factor analysis of 247 responses identified 6 constructs of individuals’ attitude towards personal data: Protective Behavior, Privacy Concerns, Cost-Benefit, Awareness, Responsibility and Security. This paper illustrates how the PDA scale can be a useful guide for information security research and design by briefly discussing the factor structure of the PDA and related results. Originality/value: This study addresses a genuine gap in the research by taking the first step towards establishing empirical evidence for dimensions underlying personal data attitudes. It also adds a significant benchmark to a growing body of literature on understanding and modelling computer users’ security behaviors

An Assessment of PIER Electric Grid Research 2003-2014 White Paper

This white paper describes the circumstances in California around the turn of the 21st century that led the California Energy Commission (CEC) to direct additional Public Interest Energy Research funds to address critical electric grid issues, especially those arising from integrating high penetrations of variable renewable generation with the electric grid. It contains an assessment of the beneficial science and technology advances of the resultant portfolio of electric grid research projects administered under the direction of the CEC by a competitively selected contractor, the University of California’s California Institute for Energy and the Environment, from 2003-2014

An Overview of Economic Approaches to Information Security Management

The increasing concerns of clients, particularly in online commerce, plus the impact of legislations on information security have compelled companies to put more resources in information security. As a result, senior managers in many organizations are now expressing a much greater interest in information security. However, the largest body of research related to preventing breaches is technical, focusing on such issues as encryption and access control. In contrast, research related to the economic aspects of information security is small but rapidly growing. The goal of this technical note is twofold: i) to provide the reader with an structured overview of the economic approaches to information security and ii) to identify potential research directions

Is small beautiful? A multicriteria assessment of small-scale energy technology applications in local governments

In its 2003 White Paper the UK government set ambitious renewable energy targets. Local governments and households have an increasing role in the overall energy system as consumers, suppliers of smaller-scale applications and citizens discussing energy projects. In this paper, we consider if small-scale or large-scale approaches to renewable energy provision can achieve energy targets in the most socially, economically and environmentally (SEE) effective way. We take a local case study of renewable energy provision in the Metropolitan Borough of Kirklees in Yorkshire, UK, and apply a multi-criteria decision analysis methodology to compare the small-scale schemes implemented in Kirklees with large-scale alternatives. The results indicate that small-scale schemes are the most SEE effective, despite large-scale schemes being more financially viable. The selection of the criteria on which the alternatives are assessed and the assigned weights for each criterion are of crucial importance. It is thus very important to include the relevant stakeholders to elicit this information

Towards an evaluation framework for medical web applications

Copyright @ 2013 EMCIS.The main aim of this study is to review and analyse various evaluation frameworks used to assess the operational effectiveness of various Information Technology (IT) processes/applications and identify their strengths in order to form a new holistic framework for economic evaluation of web applications. This research aims to address the need for a new holistic evaluation framework for the purpose of the evaluation of the medical web applications. Over the last decade more and more, companies used accountancy techniques such as the frameworks analysed in this research. This new holistic framework that was developed will include also steps regarding the indirect and intangible costs and benefits identification and their incorporation in the evaluation process. Moreover the new emerging market of the medical websites and the embedded on them web applications requires also a new evaluation framework that will provide accurate results in the estimation of the efficiency of an investment on them. The paper first presents an introduction about why economic evaluation is important when evaluating the Information Technology in organizations. Various studies are reviewed, which highlight the ever increasing importance of integrating economic evaluation processes, such as Cost Benefit Analysis (CBA) and Return on Investment (ROI), into systems and processes of organizations and economic organizations, and analyse the factors that govern their role. Finally, the evaluation frameworks and methods that are found in these studies should be used as a part of a proactive systematic action plan that the organizations could use to avoid budget reduction due to incorrect planning. The next part of this study includes a comprehensive presentation and review of past frameworks used to evaluate Information Technology. The frameworks that are reviewed are the Framework for evaluation of information systems, the Information Technology Adoption Model (ITAM), the Total Evaluation and Acceptance Methodology (TEAM) framework, the ROI Process Model and HOT-fit evaluation framework for Health Information Systems

A Smart Modular Wireless System for Condition Monitoring Data Acquisition

Smart sensors, big data, the cloud and distributed data processing are some of the most interning changes in the way we collect, manage and treat data in recent years. These changes have not significantly influenced the common practices in condition monitoring for shipping. In part this is due to the reduced trust in data security, data ownership issues, lack of technological integration and obscurity of direct benefit. This paper presents a method of incorporating smart sensor techniques and distributed processing in data acquisition for condition monitoring to assist decision support for maintenance actions addressing these inhibitors