{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T03:32:29Z","timestamp":1725507149265},"publisher-location":"Berlin, Heidelberg","reference-count":54,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540789413"},{"type":"electronic","value":"9783540789420"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008]]},"DOI":"10.1007\/978-3-540-78942-0_43","type":"book-chapter","created":{"date-parts":[[2008,4,18]],"date-time":"2008-04-18T02:45:30Z","timestamp":1208486730000},"page":"445-456","source":"Crossref","is-referenced-by-count":8,"title":["Conceptual Design of a Method to Support IS Security Investment Decisions"],"prefix":"10.1007","author":[{"given":"Heinz Lothar","family":"Grob","sequence":"first","affiliation":[]},{"given":"Gereon","family":"Strauch","sequence":"additional","affiliation":[]},{"given":"Christian","family":"Buddendick","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"43_CR1","volume-title":"Kosten und Nutzen der IT-Sicherheit, Studie des BSI zur Technikfolgen-Absch\u00e4tzung","author":"BSI","year":"2000","unstructured":"BSI: Kosten und Nutzen der IT-Sicherheit, Studie des BSI zur Technikfolgen-Absch\u00e4tzung. SecuMedia, Ingelheim (2000)"},{"issue":"4","key":"43_CR2","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/s11576-006-0057-3","volume":"48","author":"P. Fettke","year":"2006","unstructured":"Fettke, P.: State-of-the-Art des State-of-the-Art-Eine Untersuchung der Forschungsmethode \u201cReview\u201d innerhalb der Wirtschaftsinformatik. Wirtschaftsinformatik 48(4), 257\u2013266 (2006)","journal-title":"Wirtschaftsinformatik"},{"key":"43_CR3","unstructured":"K\u00fctz, M.: IS Controlling f\u00fcr die Praxis. Konzeption und Methoden. dpunkt, Heidelberg (2005)"},{"key":"43_CR4","doi-asserted-by":"crossref","DOI":"10.1201\/b12444","volume-title":"Information security risk analysis","author":"T.R. Peltier","year":"2001","unstructured":"Peltier, T.R.: Information security risk analysis. Auerbach Publications, Boca Raton (2001)"},{"issue":"248","key":"43_CR5","first-page":"26","volume":"43","author":"N. Pohlmann","year":"2006","unstructured":"Pohlmann, N.: Wie wirtschaftlich sind IT-Sicherheitsma\u00dfnahmen? HMD 43(248), 26\u201334 (2006)","journal-title":"HMD"},{"issue":"12","key":"43_CR6","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1145\/163298.163309","volume":"36","author":"E. Brynjolfsson","year":"1993","unstructured":"Brynjolfsson, E.: The productivity paradox of information technology. Communications of the ACM 36(12), 66\u201377 (1993)","journal-title":"Communications of the ACM"},{"issue":"4","key":"43_CR7","doi-asserted-by":"publisher","first-page":"541","DOI":"10.1287\/mnsc.42.4.541","volume":"42","author":"E. Brynjolfsson","year":"1996","unstructured":"Brynjolfsson, E., Hitt, L.: Paradox lost? Firm-level evidence on the returns to information systems spending. Management Science 42(4), 541\u2013588 (1996)","journal-title":"Management Science"},{"issue":"5","key":"43_CR8","first-page":"41","volume":"81","author":"N. Carr","year":"2003","unstructured":"Carr, N.: IT doesn\u2019t matter. Harvard Business Review 81(5), 41\u201349 (2003)","journal-title":"Harvard Business Review"},{"issue":"2","key":"43_CR9","first-page":"1","volume":"3","author":"J.N. Luftman","year":"2004","unstructured":"Luftman, J.N.: Key issues for IT executives. MIS Quarterly Executive 3(2), 1\u201318 (2004)","journal-title":"MIS Quarterly Executive"},{"key":"43_CR10","volume-title":"Assessing and managing security risk in IT systems: A structured methodology","author":"J. McCumber","year":"2005","unstructured":"McCumber, J.: Assessing and managing security risk in IT systems: A structured methodology. Auerbach Publications, Boca Raton (2005)"},{"key":"43_CR11","doi-asserted-by":"publisher","first-page":"139","DOI":"10.1145\/1107622.1107654","volume-title":"2nd annual conference on Information security curriculum development","author":"G. Rodewald","year":"2005","unstructured":"Rodewald, G.: Aligning information security investments with a firm\u2019s risk tolerance. In: Whitman, M.E. (ed.) 2nd annual conference on Information security curriculum development, pp. 139\u2013141. ACM, Kennesaw, GA (2005)"},{"key":"43_CR12","volume-title":"Datenschutz-Controlling \u2014 Den Wirtschaftsfaktor Datenschutz effizient planen, steuern und kontrollieren","author":"R. Vossbein","year":"2002","unstructured":"Vossbein, R.: Datenschutz-Controlling \u2014 Den Wirtschaftsfaktor Datenschutz effizient planen, steuern und kontrollieren. SecuMedia, Ingelheim (2002)"},{"key":"43_CR13","volume-title":"Consortium for Research on Information Security and Policy (CRISP)","author":"K.J. Soo Hoo","year":"2000","unstructured":"Soo Hoo, K.J.: How much is enough? A risk management approach to computer security. Consortium for Research on Information Security and Policy (CRISP). Working Paper Stanford University, Stanford (2000)"},{"issue":"3","key":"43_CR14","first-page":"94","volume":"5","author":"R. Bromme","year":"2003","unstructured":"Bromme, R., Jucks, R., Rambow, R.: Wissenskommunikation \u00fcber F\u00e4chergrenzen: Ein Trainingsprogramm. Wirtschaftspsychologie 5(3), 94\u2013102 (2003)","journal-title":"Wirtschaftspsychologie"},{"issue":"4","key":"43_CR15","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/s11576-007-0064-z","volume":"49","author":"T. Wilde","year":"2007","unstructured":"Wilde, T., Hess, T.: Forschungsmethoden der Wirtschaftsinformatik. Eine empirische Untersuchung. Wirtschaftsinformatik. 49(4), 280\u2013287 (2007)","journal-title":"Wirtschaftsinformatik"},{"key":"43_CR16","unstructured":"Tallon, P.: A Process-oriented Perspective on the Alignment of Information Technology and Business Strategy. Journal of Management Information Systems (JMIS) (forthcoming) (2008)"},{"key":"43_CR17","unstructured":"FIPS: Guideline for automatic data processing risk analysis. National Bureau of Standards, US Department of Commerce (1979)"},{"issue":"6","key":"43_CR18","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1145\/777313.777327","volume":"46","author":"R.T. Mercury","year":"2003","unstructured":"Mercury, R.T.: Analysing security costs. Communications of the ACM 46(6), 15\u201318 (2003)","journal-title":"Communications of the ACM"},{"key":"43_CR19","series-title":"Lecture Notes in Informatics","first-page":"15","volume-title":"Sicherheit 2005. 2. Jahrestagung des GI-Fachbereichs Sicherheit","author":"T. Nowey","year":"2005","unstructured":"Nowey, T., Federrath, H., Klein, C., Pl\u00f6\u00dfl, K.: Ans\u00e4tze zur Evaluierung von Sicherheitsinvestitionen. In: Federrath, H. (ed.) Sicherheit 2005. 2. Jahrestagung des GI-Fachbereichs Sicherheit. Lecture Notes in Informatics, vol. P-62, pp. 15\u201326. K\u00f6llen-Verlag, Bonn (2005)"},{"key":"43_CR20","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1145\/1167253.1167295","volume-title":"Proceedings of the 43rd annual southeast regional conference","author":"A.J.A. Wang","year":"2005","unstructured":"Wang, A.J.A.: Information security models and metrics. In: Guimaraes, M. (ed.) Proceedings of the 43rd annual southeast regional conference, pp. 178\u2013184. ACM, New York (2005)"},{"issue":"1","key":"43_CR21","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1145\/1005817.1005828","volume":"47","author":"H. Cavusoglu","year":"2004","unstructured":"Cavusoglu, H., Mishra, B., Raghunathan, P.: A model for evaluating IT security investments. Communications of the ACM 47(1), 87\u201392 (2004)","journal-title":"Communications of the ACM"},{"key":"43_CR22","unstructured":"Cremonini, M., Martini, B.: Evaluating information security investments from attackers perspective: the return on attack. Fourth Workshop on the Economics of Information Security (WEIS 05), Boston (2005), http:\/\/infosecon.net\/workshop\/pdf\/23.pdf"},{"issue":"4","key":"43_CR23","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1145\/581271.581274","volume":"5","author":"L.A. Gordon","year":"2002","unstructured":"Gordon, L.A., Loeb, M.P.: The economics of information security investment. ACM Transactions on Information and System Security 5(4), 438\u2013457 (2002)","journal-title":"ACM Transactions on Information and System Security"},{"key":"43_CR24","unstructured":"Mayer, B.: Rosi-Return on Security Investment. Eine notwendige Rechnung (2006), http:\/\/www.it-daily.net"},{"key":"43_CR25","unstructured":"Berinato, S.: Finally, a real return on security spending (2002), http:\/\/www.cio.de\/technik\/806049\/"},{"key":"43_CR26","unstructured":"Sonnenreich, W., Albanese, J., Stout, B.: Return on security investment (ROSI). A practical quantitative model. Journal of Research and Practice in Information Technology 38(1) (2006)"},{"key":"43_CR27","first-page":"58","volume-title":"Enterprise Service Computing from Concept to Deploymen","author":"J. Brocke vom","year":"2006","unstructured":"vom Brocke, J.: Service Portfolio Measurement (SPM), A Decision Support System for the Management of Service-Oriented Information Systems. In: Qiu, R. (ed.) Enterprise Service Computing from Concept to Deploymen, pp. 58\u201390. IGI Publishing, Hershey (2006)"},{"issue":"5","key":"43_CR28","doi-asserted-by":"publisher","first-page":"511","DOI":"10.1007\/s11573-007-0039-y","volume":"77","author":"U. Faisst","year":"2007","unstructured":"Faisst, U., Prokein, O., Wegmann, N.: Ein Modell zur dynamischen Investitionsrechnung von IT-Sicherheitsma\u00dfnahmen. Zeitschrift f\u00fcr Betriebswirtschaft 77(5), 511\u2013538 (2007)","journal-title":"Zeitschrift f\u00fcr Betriebswirtschaft"},{"key":"43_CR29","first-page":"232","volume-title":"24th International Conference on Software Engineering (ICESE2002)","author":"S.A. Butler","year":"2002","unstructured":"Butler, S.A.: Security attribute evaluation method: a cost-benefit approach. In: Tracz, W. (ed.) 24th International Conference on Software Engineering (ICESE2002), pp. 232\u2013240. IEEE Press, Orlando (2002)"},{"issue":"1","key":"43_CR30","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1145\/1107458.1107465","volume":"49","author":"L.A. Gordon","year":"2005","unstructured":"Gordon, L.A., Loeb, M.P.: Budgeting process for information security expenditures. Communications of the ACM 49(1), 121\u2013125 (2005)","journal-title":"Communications of the ACM"},{"key":"43_CR31","volume-title":"Managing Cybersecurity Resources: A Cost-Benefit Analysis","author":"L.A. Gordon","year":"2006","unstructured":"Gordon, L.A., Loeb, M.P.: Managing Cybersecurity Resources: A Cost-Benefit Analysis. McGraw-Hill, Maryland (2006)"},{"key":"43_CR32","volume-title":"The security risk assessment handbook: a complete guide for performing security risk assessments","author":"D.J. Landoll","year":"2006","unstructured":"Landoll, D.J.: The security risk assessment handbook: a complete guide for performing security risk assessments. Auerbach Publications, Boca Raton (2006)"},{"issue":"2","key":"43_CR33","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1145\/1042091.1042094","volume":"48","author":"L.D. Bodin","year":"2005","unstructured":"Bodin, L.D., Gordon, L.A., Loeb, M.P.: Evaluating Information Security Investments Using the Analytic Hierarchy Process. Communications of the ACM 48(2), 79\u201383 (2005)","journal-title":"Communications of the ACM"},{"key":"43_CR34","unstructured":"Conrad, J.R.: Analyzing the Risks of Information Security Investments with Monte Carlo Simulations. Fourth Workshop on the Economics of Information Security (WEIS 05), Boston (2005), http:\/\/www.infosecon.net\/workshop\/pdf\/13.pdf"},{"issue":"12","key":"43_CR35","doi-asserted-by":"crossref","first-page":"43","DOI":"10.1109\/2.889092","volume":"33","author":"T.A. Longstaff","year":"2000","unstructured":"Longstaff, T.A., Chittister, C., Pethia, R., Haimes, Y.Y.: Are we forgetting the risks of information technology? IEEE Computer 33(12), 43\u201351 (2000)","journal-title":"IEEE Computer"},{"issue":"3","key":"43_CR36","first-page":"78","volume":"9","author":"R.P. Kaplan","year":"1986","unstructured":"Kaplan, R.P.: CIM-Investitionen sind keine Glaubensfragen. Harvard Manager 9(3), 78\u201385 (1986)","journal-title":"Harvard Manager"},{"key":"43_CR37","unstructured":"Jakoubi, S., Tjoa, S., Quirchmayr, G.: Rope: A Methodology for Enabling the Risk-Aware Modelling and Simulation of Business Processes. In: \u00d6sterle, H., Schelp, J., Winter, R. (eds.) Proceedings of the Fifteenth European Conference on Information Systems (ECIS 2007), Universit\u00e4t St. Gallen, pp. 1596\u20131607 (2007)"},{"key":"43_CR38","volume-title":"Gesch\u00e4ftsproze\u00dforientierte Simulation der Informationssicherheit: Entwicklung und empirische Evaluation eines Systems zur Unterst\u00fctzung des Sicherheitsmanagements","author":"P. Konrad","year":"1998","unstructured":"Konrad, P.: Gesch\u00e4ftsproze\u00dforientierte Simulation der Informationssicherheit: Entwicklung und empirische Evaluation eines Systems zur Unterst\u00fctzung des Sicherheitsmanagements. Dissertation, K\u00f6ln, Josef Eul Verlag, Lohmar (1998)"},{"key":"43_CR39","unstructured":"R\u00f6hrig, S.: Using Process Models to Analyse IT Security Requirements. Dissertation, Z\u00fcrich (2003)"},{"key":"43_CR40","first-page":"155","volume-title":"Multikonferenz Wirtschaftsinformatik 2006","author":"S. Sitzberger","year":"2006","unstructured":"Sitzberger, S., Nowey, T.: Lernen vom Business Engineering-Ans\u00e4tze f\u00fcr ein systematisches, modellgest\u00fctztes Vorgehensmodell zum Sicherheitsmanagement. In: Lehner, F., N\u00f6sekabel, H., Kleinschmidt, P. (eds.) Multikonferenz Wirtschaftsinformatik 2006, Tagungsband 2, pp. 155\u2013165. Gito, Berlin (2006)"},{"key":"43_CR41","volume-title":"Von den Grundlagen bis zur Realisierung \u2014 Ein praxisorientierter Leitfaden","author":"H.-P. K\u00f6nigs","year":"2005","unstructured":"K\u00f6nigs, H.-P.: IT-Risiko-Management mit System. Von den Grundlagen bis zur Realisierung \u2014 Ein praxisorientierter Leitfaden. Vieweg, Wiesbaden (2005)"},{"key":"43_CR42","volume-title":"FMEA: Fehlerm\u00f6glichkeits-und-einflussanalyse in der industriellen Praxis","author":"W.D. Franke","year":"1989","unstructured":"Franke, W.D.: FMEA: Fehlerm\u00f6glichkeits-und-einflussanalyse in der industriellen Praxis. Verl. Moderne Industrie, Landsberg\/Lech (1989)"},{"key":"43_CR43","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-642-60758-5","volume-title":"Qualit\u00e4tsmanagement Lebensmittel: vom Rohstoff bis zum Fertigprodukt","author":"K. Pichardt","year":"1997","unstructured":"Pichardt, K.: Qualit\u00e4tsmanagement Lebensmittel: vom Rohstoff bis zum Fertigprodukt. Springer, Heidelberg (1997)"},{"key":"43_CR44","volume-title":"Die Fehlerbaum-Methode","author":"W. Schneeweiss","year":"1999","unstructured":"Schneeweiss, W.: Die Fehlerbaum-Methode. Aus dem Themenkreis Zuverl\u00e4ssigkeits-und Sicherheits-Technik. LiLoLe-Verlag, Hagen (1999)"},{"key":"43_CR45","unstructured":"Brabander, E., Ochs, H.: Analyse und Gestaltung prozessorientierter Risikomanagementsysteme mit Ereignisgesteuerten Prozessketten. In: N\u00fcttgens, M., Rump, F. (eds.) Gesch\u00e4ftsprozessmanagement mit Ereignisgesteuerten Prozessketten (EPK 2002), pp. 17\u201335. Trier (2002)"},{"key":"43_CR46","unstructured":"zur Muehlen, M., Rosemann, M.: Integrating Risks in Business Process Models. In: Australasian Conference on Information Systems (ACIS 2005) Manly, Sydney (2005)"},{"key":"43_CR47","unstructured":"Rieke, T.: Prozessorientiertes Risikomanagement. Ein informationsmodellorientierter Ansatz. Dissertation, Wirtschaftswissenschaftliche Fakult\u00e4t Westf\u00e4lische Wilhelms-Universit\u00e4t M\u00fcnster (2008)"},{"key":"43_CR48","unstructured":"Kesten, R., Schr\u00f6der, H., Wozniak, A.: Konzept zur Nutzenbewertung von IT-Investitionen. Arbeitspapiere der Nordakademie Elmshorn Elmshorn (2006)"},{"key":"43_CR49","first-page":"256","volume-title":"Umweltinformatik 99-Umweltinformatik zwischen Theorie und Industrieanwendung, 13. Internationales Symposium \u201cInformatik f\u00fcr den Umweltschutz\u201d","author":"S. K\u00fcker","year":"1999","unstructured":"K\u00fcker, S., Haasis, H.-D.: Gesch\u00e4ftsproze\u00dfmodellierung als Basis einer informationswirtschaftlichen Unterst\u00fctzung f\u00fcr ein AQU-Management. In: Rautenstrauch, C., Schenk, M. (eds.) Umweltinformatik 99-Umweltinformatik zwischen Theorie und Industrieanwendung, 13. Internationales Symposium \u201cInformatik f\u00fcr den Umweltschutz\u201d, pp. 256\u2013268. Metropolisverlag, Marburg (1999)"},{"key":"43_CR50","unstructured":"M\u00fcller, A., von Thienen, L., Schr\u00f6der, H.: IT-Controlling: So messen Sie den Beitrag der Informationstechnologie zum Unternehmenserfolg. Arbeitspapiere der Nordakademie Elmshorn Elmshorn (2004)"},{"key":"43_CR51","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1083091.1083099","volume-title":"Proceedings of the seventh international workshop on Economics-driven software engineering research","author":"T. Neubauer","year":"2005","unstructured":"Neubauer, T., Klemen, M., Biffl, S.: Business process-based valuation of IT-security. In: Sullivan, K. (ed.) Proceedings of the seventh international workshop on Economics-driven software engineering research, pp. 1\u20135. ACM Press, St. Louis (2005)"},{"key":"43_CR52","volume-title":"Investitionsrechnung mit vollst\u00e4ndigen Finanzpl\u00e4nen","author":"H.L. Grob","year":"1989","unstructured":"Grob, H.L.: Investitionsrechnung mit vollst\u00e4ndigen Finanzpl\u00e4nen. Vahlen, M\u00fcnchen (1989)"},{"key":"43_CR53","unstructured":"vom Brocke, J., Grob, H. L., Buddendick, C. and Strauch, G.: Return on Security Investments. Towards a Methodological Foundation of Measurement Systems. Proceedings of the 13th Americas Conference on Information Systems (AMCIS 2007), Keystone (2007), forthcoming"},{"issue":"1","key":"43_CR54","first-page":"95","volume":"42","author":"D.B. Hertz","year":"1964","unstructured":"Hertz, D.B.: Risk Analysis in Capital Investment. Harvard Business Review 42(1), 95\u2013106 (1964)","journal-title":"Harvard Business Review"}],"container-title":["Lecture Notes in Business Information Processing","Information Systems and e-Business Technologies"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-78942-0_43","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,3,1]],"date-time":"2019-03-01T13:07:19Z","timestamp":1551445639000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-78942-0_43"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008]]},"ISBN":["9783540789413","9783540789420"],"references-count":54,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-78942-0_43","relation":{},"ISSN":["1865-1348"],"issn-type":[{"type":"print","value":"1865-1348"}],"subject":[],"published":{"date-parts":[[2008]]}}}