International Journal of Science and Modern Engineering (IJISME)
A cost-benefit model for an enterprise information security is presented in this paper. Economical analysis of information security investments that enterprises can use as guidance when applying the recommended risk mitigation plans are developed. An enterprises information security risk management associated with economical metrics. An economical analytical model is presented that enables the assessment of the necessary investment in the recommended information security. This model would be useful for both information security professionals and researchers in assessing the cost of the security measures versus the benefit of these measures in reducing the identified information security challenges.