{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T00:42:34Z","timestamp":1775263354688,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":38,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642394973","type":"print"},{"value":"9783642394980","type":"electronic"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-39498-0_1","type":"book-chapter","created":{"date-parts":[[2013,11,28]],"date-time":"2013-11-28T13:05:32Z","timestamp":1385643932000},"page":"3-24","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":30,"title":["A Closer Look at Information Security Costs"],"prefix":"10.1007","author":[{"given":"Matthias","family":"Brecht","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Thomas","family":"Nowey","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2013,10,8]]},"reference":[{"key":"1_CR1","unstructured":"Amoroso, E.: Hearing before the US Senate Commerce, Science, and Transportation Committee. Senate Hearing, pp.\u00a0111\u2013143. U.S. Senate Committee on Commerce, Science, and Transportation (2009). http:\/\/www.commerce.senate.gov\/public\/index.cfm?p=Hearings&ContentRecord_id=d59f00d0-0ad9-41cd-bde8-b96babb08b7e&ContentType_id=14f995b9-dfa5-407a-9d35-56cc7152a7ed&Group_id=b06c39af-e033-4cba-9221-de668ca1978a&YearDisplay=2009"},{"key":"1_CR2","doi-asserted-by":"crossref","unstructured":"Anderson, R.: Why information security is hard\u00a0\u2013 an economic perspective. In: ACSAC\u201901: Proceedings of the 17th Annual Computer Security Applications Conference, New Orleans, pp.\u00a0358\u2013365. IEEE Computer Society (2001)","DOI":"10.1109\/ACSAC.2001.991552"},{"issue":"3","key":"1_CR3","first-page":"60","volume":"42","author":"J. Barth\u00e9lemy","year":"2001","unstructured":"Barth\u00e9lemy, J.: The hidden costs of IT outsourcing. Sloan Manage. Rev. 42(3), 60\u201369 (2001)","journal-title":"Sloan Manage. Rev."},{"key":"1_CR4","doi-asserted-by":"crossref","unstructured":"Berinato, S.: Finally, a Real Return on Security Spending. CIO Magazine (2002). Available Online: http:\/\/www.cio.com.au\/article\/52650\/finally_real_return_security_spending\/","DOI":"10.1016\/S1353-4858(02)00214-3"},{"key":"1_CR5","unstructured":"Capgemini: IT-Trends (2008)"},{"issue":"7","key":"1_CR6","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1145\/1005817.1005828","volume":"47","author":"H. Cavusoglu","year":"2004","unstructured":"Cavusoglu, H., Mishra, B., Raghunathan, S.: A model for evaluating IT security investments. Commun. ACM 47(7), 87\u201392 (2004)","journal-title":"Commun. ACM"},{"key":"1_CR7","unstructured":"Commission, F.T.: Identity theft survey report. http:\/\/www.ftc.gov\/os\/2003\/09\/synovatereport.pdf (2003)"},{"key":"1_CR8","unstructured":"Commission, F.T.: 2006 identity theft survey report. www.ftc.gov\/os\/2007\/11\/SynovateFinalReportIDTheft2006.pdf (2007). Accessed 20 Sep 2012"},{"key":"1_CR9","doi-asserted-by":"publisher","first-page":"511","DOI":"10.1007\/s11573-007-0039-y","volume":"77","author":"U. Faisst","year":"2007","unstructured":"Faisst, U., Prokein, O., Wegmann, N.: Ein Modell zur dynamischen Investitionsrechnung von IT-Sicherheitsma\u00dfnahmen. Zeitschrift f\u00fcr Betriebswirtschaft 77, 511\u2013538 (2007)","journal-title":"Zeitschrift f\u00fcr Betriebswirtschaft"},{"key":"1_CR10","first-page":"93","volume":"34","author":"A. Feigenbaum","year":"1956","unstructured":"Feigenbaum, A.: Total quality control. Harv. Bus. Rev. 34, 93\u2013101 (1956)","journal-title":"Harv. Bus. Rev."},{"key":"1_CR11","doi-asserted-by":"crossref","unstructured":"Flor\u00eancio, D., Herley, C.: Sex, lies and cyber-crime surveys. In: Ed: Bruce Schneier (ed.) Economics of Information Security and Privacy III. Springer, New York (2013). http:\/\/link.springer.com\/book\/10.1007\/978-1-4614-1981-5zitieren?","DOI":"10.1007\/978-1-4614-1981-5_3"},{"key":"1_CR12","unstructured":"Gartner: Distributed computing\u00a0\u2013 chart of accounts. http:\/\/www.arsys-europe.net\/Propalms\/Datasheets\/Propalms_WhitePaper_Gartner_TCO_Analyse_for_Distributed_Computer.pdf (2003). Accessed 20 Sep 2012"},{"key":"1_CR13","unstructured":"Gartner: IT budget: information security & risk management spend metrics. http:\/\/www.gartner.com\/technology\/metrics\/it-security-risk-spending.jsp (2011). Accessed 20 Sep 2012"},{"issue":"4","key":"1_CR14","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1145\/581271.581274","volume":"5","author":"L. Gordon","year":"2002","unstructured":"Gordon, L., Loeb, M.: The economics of information security investment. ACM Trans. Inf. Sys. Secur. (TISSEC) 5(4), 438\u2013457 (2002)","journal-title":"ACM Trans. Inf. Sys. Secur. (TISSEC)"},{"key":"1_CR15","volume-title":"Managing Cybersecurity Resources: A Cost-Benefit Analysis","author":"L. Gordon","year":"2005","unstructured":"Gordon, L., Loeb, M.: Managing Cybersecurity Resources: A Cost-Benefit Analysis, 1st edn. McGraw-Hill, New York (2005)","edition":"1"},{"key":"1_CR16","unstructured":"Holthaus, M.: Management der Informationssicherheit in Unternehmen. PhD thesis, Universit\u00e4t Z\u00fcrich (2000)"},{"key":"1_CR17","unstructured":"Hoo, K.J.S.: How much is enough? A risk management approach to computer security. PhD thesis, Stanford University (2000)"},{"key":"1_CR18","unstructured":"Humpert-Vrielink, F., Vrielink, N.: Ganzheitliches sicherheitskosten-controlling. http:\/\/www.kes.info\/archiv\/online\/kostencontrolling.html (2011). Accessed 20 Sep 2012"},{"key":"1_CR19","unstructured":"ISO: ISO\/IEC 27001:2005 Information Technology\u00a0\u2013 Security Techniques\u00a0\u2013 Information Security Management Systems\u00a0\u2013 Requirements (2005)"},{"key":"1_CR20","unstructured":"Kendrick, S.: The morphing IT security landscape. https:\/\/vishnu.fhcrc.org\/security-seminar\/IT-Security-Landscape-Morphs.pdf (2010). Accessed 20 Sep 2012"},{"key":"1_CR21","volume-title":"Security Metrics Management: How to Manage the Costs of an Assets Protection Program","author":"G. Kovacich","year":"2006","unstructured":"Kovacich, G., Halibozek, E.: Security Metrics Management: How to Manage the Costs of an Assets Protection Program. Butterworth-Heinemann, Oxford (2006)"},{"key":"1_CR22","unstructured":"K\u00fctz, M.: Controlling der Information Security, 19th edn. T\u00dcV Media\u00a0\u2013 Dieter Burgartz and Ralf R\u00f6hrig, chap.\u00a003710. No.\u00a032. Aktualisierung September 2011 in Praxiswissen IT-Sicherheit: Praxishandbuch f\u00fcr Aufbau, Zertifizierung und Betrieb (2011)"},{"key":"1_CR23","doi-asserted-by":"publisher","unstructured":"Langfield-Smith, K., Smith, D.: Managing the IS outsourcing relationship. In: Rivard, S., Aubert, B.A. (eds.) Advances in Managing Information Systems. Information System Outsourcing, chap. 10, pp.\u00a0163\u2013188. M.E. Sharpe, Armonk (2008)","DOI":"10.1007\/978-3-642-39498-0_10"},{"key":"1_CR24","first-page":"1207","volume-title":"Wirtschaftsinformatik","author":"C. Locher","year":"2005","unstructured":"Locher, C.: Ein Steuerungsmodell f\u00fcr das Management von IV-Sicherheitsrisiken bei Kreditinstituten. In: Ferstl, O.K., Sinz, E.J., Eckert, S., Isselhorst, T. (eds.) Wirtschaftsinformatik, pp.\u00a01207\u20131225. Physica-Verlag, Heidelberg (2005)"},{"issue":"12","key":"1_CR25","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1109\/2.889092","volume":"33","author":"T. Longstaff","year":"2000","unstructured":"Longstaff, T., Chittister, C., Pethia, R., Haimes, Y.: Are we forgetting the risk of information technology. IEEE Comput. 33(12), 43\u201351 (2000)","journal-title":"IEEE Comput."},{"issue":"248","key":"1_CR26","first-page":"6","volume":"43","author":"H.P. Lubich","year":"2006","unstructured":"Lubich, H.P.: IT-Sicherheit: Systematik, aktuelle Probleme und Kosten-Nutzen-Betrachtung. HMD, Praxis der Wirtschaftsinformatik 43(248), 6\u201315 (2006)","journal-title":"HMD, Praxis der Wirtschaftsinformatik"},{"issue":"6","key":"1_CR27","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1145\/777313.777327","volume":"46","author":"R.T. Mercuri","year":"2003","unstructured":"Mercuri, R.T.: Analyzing security costs. Commun. ACM 46(6), 15\u201318 (2003)","journal-title":"Commun. ACM"},{"key":"1_CR28","unstructured":"New Scientist: Cybercrime toll threatens new financial crisis. http:\/\/www.newscientist.com\/article\/dn16092-cybercrime-toll-threatens-new-financial-crisis.html (2008). Accessed 04 June 2012"},{"key":"1_CR29","unstructured":"NIST\u00a0\u2013 National Institute of Standards and Technology: Risk Management Guide for Information Technology Systems. NIST Special Publication 800\u201330 (2004)"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Nowey, T.: Konzeption eines Systems zur \u00fcberbetrieblichen Sammlung und Nutzung von quantitativen Daten \u00fcber Informationssicherheitsvorf\u00e4lle. PhD thesis, Universit\u00e4t Regensburg (2010)","DOI":"10.1007\/978-3-8348-9873-9"},{"key":"1_CR31","unstructured":"Penn, J.: The State of Enterprise IT Security: 2008 to 2009 (2009). http:\/\/www.forrester.com\/The+State+Of+Enterprise+IT+Security+2008+To+2009\/fulltext\/-\/E-RES47857"},{"issue":"248","key":"1_CR32","first-page":"26","volume":"43","author":"N. Pohlmann","year":"2006","unstructured":"Pohlmann, N.: Wie wirtschaftlich sind IT-Sicherheitsma\u00dfnahmen. HMD, Praxis der Wirtschaftsinformatik 43(248), 26\u201334 (2006)","journal-title":"HMD, Praxis der Wirtschaftsinformatik"},{"key":"1_CR33","unstructured":"Schaffry, A.: Die IT-Sicherheitsausgaben bis 2015. http:\/\/www.cio.de\/knowledgecenter\/security\/2294879\/index.html?r=2616952702416512&lid=152021 (2011). Accessed 20 Sep 2012"},{"key":"1_CR34","doi-asserted-by":"publisher","first-page":"647","DOI":"10.1108\/02656710610672470","volume":"23","author":"A. Schiffauerova","year":"2006","unstructured":"Schiffauerova, A., Thomson, V.: A review of research on cost of quality models and best practices. Int. J. Qual. Reliab. Manage. 23, 647\u2013669 (2006)","journal-title":"Int. J. Qual. Reliab. Manage."},{"key":"1_CR35","volume-title":"Articulating the business value of information security","author":"T. Scholtz","year":"2011","unstructured":"Scholtz, T.: Articulating the business value of information security. Tech. rep., Gartner Inc. (2011)"},{"key":"1_CR36","unstructured":"SSG Inc: Cyber crime\u00a0\u2013 the facts. http:\/\/www.ssg-inc.net\/cyber_crime\/cyber_crime.html (2012). Accessed 20 Sep 2012"},{"key":"1_CR37","unstructured":"Sullivan, T.: The surprisingly small percentage health orgs spend on data security. http:\/\/govhealthit.com\/news\/surprisinlgy-small-percentage-health-orgs-spend-data-security (2011). Accessed 20 Sep 2012"},{"key":"1_CR38","unstructured":"Weigelt, M.: Security could consume 10 percent of IT budget. http:\/\/fcw.com\/articles\/2008\/02\/07\/security-could-consume-10-percent-of-it-budget.aspx (2008). Accessed 20 Sep 2012"}],"container-title":["The Economics of Information Security and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-39498-0_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T00:15:29Z","timestamp":1746058529000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-642-39498-0_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642394973","9783642394980"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-39498-0_1","relation":{},"subject":[],"published":{"date-parts":[[2013]]},"assertion":[{"value":"8 October 2013","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}