{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T00:06:23Z","timestamp":1776902783288,"version":"3.51.2"},"reference-count":51,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2023,10,14]],"date-time":"2023-10-14T00:00:00Z","timestamp":1697241600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2023,10,14]],"date-time":"2023-10-14T00:00:00Z","timestamp":1697241600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"name":"Institute for Energy Technology"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Telecommun Syst"],"published-print":{"date-parts":[[2023,12]]},"abstract":"Abstract<\/jats:title>This competitive environment is rapidly driving technological modernization. Sophisticated cyber security attacks are expanding exponentially, inflicting reputation damage and financial and economic loss. Since security investments may take time to generate revenues, organizations need more time to convince top management to support them. Even though several ROSI techniques have been put out, they still need to address network-related infrastructure. By addressing gaps in existing techniques, this study delivers a comprehensive framework for calculating Return on Network Security Investment (RONSI). The proposed framework uses a statistical prediction model based on Bayes\u2019 theorem to calculate the RONSI. It is validated by Common Vulnerability Security Systems (CVSS) datasets and compared to existing studies. The results demonstrate that the annual loss is reduced to 75% with the proposed RONSI model after implementing a security strategy, and the proposed model is compared with existing studies. An organization can effectively justify investments in network-related infrastructure while enhancing its credibility and dependability in the cutthroat marketplace.<\/jats:p>","DOI":"10.1007\/s11235-023-01039-9","type":"journal-article","created":{"date-parts":[[2023,10,14]],"date-time":"2023-10-14T19:01:15Z","timestamp":1697310075000},"page":"533-548","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["RONSI: a framework for calculating return on network security investment"],"prefix":"10.1007","volume":"84","author":[{"given":"Kousik","family":"Barik","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sanjay","family":"Misra","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Luis","family":"Fernandez-Sanz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Murat","family":"Koyuncu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,10,14]]},"reference":[{"key":"1039_CR1","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1016\/j.ijcip.2019.02.001","volume":"25","author":"LC Herrera","year":"2019","unstructured":"Herrera, L. C., & Maennel, O. (2019). A comprehensive instrument for identifying critical information infrastructure services. International Journal of Critical Infrastructure Protection, 25, 50\u201361.","journal-title":"International Journal of Critical Infrastructure Protection"},{"key":"1039_CR2","unstructured":"The Top 10 Data Breaches of 2021, Security Magazine, https:\/\/www.securitymagazine.com\/articles\/96667-the-top-data-breaches-of-2021"},{"key":"1039_CR3","unstructured":"Itgoverence, UK, Data breaches and cyber attacks in 2021: 5.1 billion breaches records, https:\/\/www.itgovernance.co.uk\/blog\/data-breaches-and-cyber-attacks-in-2021-5-1-billion-breached-records"},{"key":"1039_CR4","unstructured":"Itgoverence, UK, Cyber Attacks and Data Breaches in Review: February 2022, https:\/\/www.itgovernance.eu\/blog\/en\/cyber-attacks-and-data-breaches-in-review-february-2022"},{"key":"1039_CR5","unstructured":"Special Report: Cyberwelfare In the C-Suite, 2020, https:\/\/cybersecurityventures.com\/cybercrime-damages-6-trillion-by-2021\/"},{"key":"1039_CR6","doi-asserted-by":"publisher","first-page":"109918","DOI":"10.1016\/j.rser.2020.109918","volume":"130","author":"L Das","year":"2020","unstructured":"Das, L., Munikoti, S., Natarajan, B., & Srinivasan, B. (2020). Measuring smart grid resilience: Methods, challenges and opportunities. Renewable and Sustainable Energy Reviews, 130, 109918.","journal-title":"Renewable and Sustainable Energy Reviews"},{"key":"1039_CR7","doi-asserted-by":"publisher","first-page":"113069","DOI":"10.1016\/j.dss.2019.05.009","volume":"122","author":"JA Paul","year":"2019","unstructured":"Paul, J. A., & Wang, X. J. (2019). Socially optimal I.T. investment for cybersecurity. Decision Support Systems, 122, 113069.","journal-title":"Decision Support Systems"},{"key":"1039_CR8","doi-asserted-by":"publisher","first-page":"1318","DOI":"10.1108\/ITP-05-2018-0252","volume":"32","author":"S Ekelund","year":"2019","unstructured":"Ekelund, S., & Iskoujina, Z. (2019). Cybersecurity economics\u2013balancing operational security spending. Information Technology & People, 32, 1318.","journal-title":"Information Technology & People"},{"issue":"4","key":"1039_CR9","doi-asserted-by":"publisher","first-page":"1216","DOI":"10.1080\/00207543.2020.1721591","volume":"59","author":"Y Li","year":"2021","unstructured":"Li, Y., & Xu, L. (2021). Cybersecurity investments in a two-echelon supply chain with third-party risk propagation. International Journal of Production Research, 59(4), 1216\u20131238.","journal-title":"International Journal of Production Research"},{"key":"1039_CR10","unstructured":"Cybersecurity statistics 2021, https:\/\/nordlayer.com\/blog\/cybersecurity-statistics-2021-review\/"},{"key":"1039_CR11","unstructured":"ZDNet, Most companies take over six months to detect data breaches, May 2015, https:\/\/www.zdnet.com\/article\/businesses-take-over-six-months-to-detect-data-breaches\/"},{"issue":"2","key":"1039_CR12","doi-asserted-by":"publisher","first-page":"347","DOI":"10.1080\/13563467.2021.1973397","volume":"27","author":"M Feldmann","year":"2022","unstructured":"Feldmann, M., & Morgan, G. (2022). Business elites and populism: Understanding business responses. New Political Economy, 27(2), 347\u2013359.","journal-title":"New Political Economy"},{"issue":"4","key":"1039_CR13","doi-asserted-by":"publisher","first-page":"517","DOI":"10.1109\/JPROC.2020.3034595","volume":"109","author":"C Zhou","year":"2020","unstructured":"Zhou, C., Hu, B., Shi, Y., Tian, Y. C., Li, X., & Zhao, Y. (2020). A unified architectural approach for cyberattack-resilient industrial control systems. Proceedings of the IEEE, 109(4), 517\u2013541.","journal-title":"Proceedings of the IEEE"},{"issue":"5","key":"1039_CR14","doi-asserted-by":"publisher","first-page":"1306","DOI":"10.1002\/mde.3310","volume":"42","author":"X Li","year":"2021","unstructured":"Li, X., & Xue, Q. (2021). An economic analysis of information security investment decision making for substitutable enterprises. Managerial and Decision Economics, 42(5), 1306\u20131316.","journal-title":"Managerial and Decision Economics"},{"issue":"4","key":"1039_CR15","doi-asserted-by":"publisher","first-page":"689","DOI":"10.1111\/j.1539-6924.1999.tb00439.x","volume":"19","author":"P Slovic","year":"1999","unstructured":"Slovic, P. (1999). Trust, emotion, sex, politics, and science: Surveying the risk-assessment battlefield. Risk analysis, 19(4), 689\u2013701.","journal-title":"Risk analysis"},{"issue":"1","key":"1039_CR16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/0888-613X(93)90005-X","volume":"9","author":"P Smets","year":"1993","unstructured":"Smets, P. (1993). Belief functions: The disjunctive rule of combination and the generalized Bayesian theorem. International Journal of approximate reasoning, 9(1), 1\u201335.","journal-title":"International Journal of approximate reasoning"},{"key":"1039_CR17","unstructured":"Locher, C. (2005). Methodologies for evaluating information security Investments-What Basel II can change in the financial industry."},{"key":"1039_CR18","unstructured":"The NIST, \"Return on Investment Initiative Draft Green Paper intitiative\" https:\/\/www.nist.gov\/system\/files\/documents\/2018\/12\/06\/roi_initiative_draft_green_paper_nist_sp_1234.pdf"},{"key":"1039_CR19","unstructured":"ENISA, \"Investing for Security ROI \"https:\/\/www.enisa.europa.eu\/news\/enisa-news\/investing-in-security-for-roi"},{"key":"1039_CR20","doi-asserted-by":"crossref","unstructured":"Xie, P., Li, J. H., Ou, X., Liu, P., & Levy, R. (2010, June). Using Bayesian networks for cyber security analysis. In\u00a02010 IEEE\/IFIP International Conference on Dependable Systems & Networks (DSN)\u00a0(pp. 211\u2013220). IEEE.","DOI":"10.1109\/DSN.2010.5544924"},{"issue":"2","key":"1039_CR21","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1080\/13623079.2011.587206","volume":"24","author":"S Bistarelli","year":"2012","unstructured":"Bistarelli, S., Fioravanti, F., Peretti, P., & Santini, F. (2012). Evaluation of complex security scenarios using defense trees and economic indexes. Journal of Experimental & Theoretical Artificial Intelligence, 24(2), 161\u2013192.","journal-title":"Journal of Experimental & Theoretical Artificial Intelligence"},{"key":"1039_CR22","doi-asserted-by":"crossref","unstructured":"Roy, A., Kim, D. S., & Trivedi, K. S. (2012, June). Scalable optimal countermeasure selection using implicit enumeration on attack countermeasure trees. In\u00a0IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN 2012)\u00a0(pp. 1\u201312). IEEE.","DOI":"10.1109\/DSN.2012.6263940"},{"key":"1039_CR23","doi-asserted-by":"crossref","unstructured":"Ji, X., Yu, H., Fan, G., & Fu, W. (2016, May). Attack-defense trees based cyber security analysis for CPSs. In\u00a02016 17th IEEE\/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel\/Distributed Computing (SNPD)\u00a0(pp. 693\u2013698). IEEE.","DOI":"10.1109\/SNPD.2016.7515980"},{"issue":"4","key":"1039_CR24","first-page":"124","volume":"23","author":"V Saini","year":"2008","unstructured":"Saini, V., Duan, Q., & Paruchuri, V. (2008). Threat modeling using attack trees. Journal of Computing Sciences in Colleges, 23(4), 124\u2013131.","journal-title":"Journal of Computing Sciences in Colleges"},{"key":"1039_CR25","doi-asserted-by":"crossref","unstructured":"Enoch, S. Y., Hong, J. B., Ge, M., Alzaid, H., & Kim, D. S. (2018, January). Automated security investment analysis of dynamic networks. In\u00a0Proceedings of the Australasian Computer Science Week Multiconference\u00a0(pp. 1\u201310).","DOI":"10.1145\/3167918.3167964"},{"key":"1039_CR26","doi-asserted-by":"crossref","unstructured":"Enoch, S. Y., Ge, M., Hong, J. B., & Kim, D. S. (2021, May). Model-based Cybersecurity Analysis: Past Work and Future Directions. In\u00a02021 Annual Reliability and Maintainability Symposium (RAMS)\u00a0(pp. 1\u20137). IEEE.","DOI":"10.1109\/RAMS48097.2021.9605784"},{"key":"1039_CR27","doi-asserted-by":"crossref","unstructured":"Butler, S. A. (2002, May). Security attribute evaluation method: a cost-benefit approach. In\u00a0Proceedings of the 24th international conference on Software engineering\u00a0(pp. 232\u2013240).","DOI":"10.1145\/581339.581370"},{"key":"1039_CR28","doi-asserted-by":"crossref","unstructured":"Pontes, E., Guelfi, A. E., Silva, A. A., &Kofuji, S. T. (2011). A Comprehensive Risk Management Framework for Approaching the Return on Security Investment (ROSI).\u00a0Risk Management in Environment, Production and Economy, 149\u2013170.","DOI":"10.5772\/25911"},{"key":"1039_CR29","unstructured":"Aguiar Rodriquez, A. (2017). Understanding the dynamics of information security investments. A simulation-based approach."},{"key":"1039_CR30","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.dss.2013.10.011","volume":"61","author":"CD Huang","year":"2014","unstructured":"Huang, C. D., Behara, R. S., & Goo, J. (2014). Optimal information security investment in a healthcare information exchange: An economic analysis. Decision Support Systems, 61, 1\u201311.","journal-title":"Decision Support Systems"},{"issue":"15\u201316","key":"1039_CR31","doi-asserted-by":"publisher","first-page":"6132","DOI":"10.1016\/j.eswa.2015.03.033","volume":"42","author":"Y Wu","year":"2015","unstructured":"Wu, Y., Feng, G., Wang, N., & Liang, H. (2015). Game of information security investment: Impact of attack types and network vulnerability. Expert Systems with Applications, 42(15\u201316), 6132\u20136146.","journal-title":"Expert Systems with Applications"},{"issue":"1","key":"1039_CR32","first-page":"45","volume":"38","author":"W Sonnenreich","year":"2006","unstructured":"Sonnenreich, W., Albanese, J., & Stout, B. (2006). Return on security investment (ROSI)-a practical quantitative model. Journal of Research and practice in Information Technology, 38(1), 45\u201356.","journal-title":"Journal of Research and practice in Information Technology"},{"key":"1039_CR33","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1016\/j.dss.2016.02.012","volume":"86","author":"A Fielder","year":"2016","unstructured":"Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support approaches for cyber security investment. Decision support systems, 86, 13\u201323.","journal-title":"Decision support systems"},{"key":"1039_CR34","doi-asserted-by":"publisher","first-page":"754","DOI":"10.1016\/j.future.2018.12.033","volume":"95","author":"T Yaqoob","year":"2019","unstructured":"Yaqoob, T., Arshad, A., Abbas, H., Amjad, M. F., & Shafqat, N. (2019). Framework for calculating return on security investment (ROSI) for security-oriented organizations. Future Generation Computer Systems, 95, 754\u2013763.","journal-title":"Future Generation Computer Systems"},{"key":"1039_CR35","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1080\/08839514.2022.2055399","volume":"36","author":"K Barik","year":"2022","unstructured":"Barik, K., Misra, S., Konar, K., Fernandez-Sanz, L., & Murat, K. (2022). Cybersecurity deep: Approaches, attacks dataset, and comparative study. Applied Artificial Intelligence, 36, 1\u201324.","journal-title":"Applied Artificial Intelligence"},{"key":"1039_CR36","unstructured":"Halpern, J. I., Leininger, K. E., Toth, R. D., & Shaw, O. A. (2018).\u00a0U.S. Patent No. 10,129,215. Washington, DC: U.S. Patent and Trademark Office."},{"key":"1039_CR37","doi-asserted-by":"crossref","unstructured":"Harrell, C. R., Patton, M., Chen, H., &Samtani, S. (2018, November). Vulnerability assessment, remediation, and automated reporting: Case studies of higher education institutions. In\u00a02018 IEEE International Conference on Intelligence and Security Informatics (ISI)\u00a0(pp. 148\u2013153). IEEE.","DOI":"10.1109\/ISI.2018.8587380"},{"key":"1039_CR38","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1007\/978-3-319-93931-5_8","volume-title":"Business information systems: 21st international conference, BIS 2018, Berlin, Germany proceedings","author":"D Proen\u00e7a","year":"2018","unstructured":"Proen\u00e7a, D., & Borbinha, J. (2018). Information security management systems-A maturity model based on ISO\/IEC 27001. In Witold Abramowicz & Adrian Paschke (Eds.), Business information systems: 21st international conference, BIS 2018, Berlin, Germany proceedings (pp. 102\u2013114). Cham: Springer International Publishing. https:\/\/doi.org\/10.1007\/978-3-319-93931-5_8"},{"issue":"4","key":"1039_CR39","doi-asserted-by":"publisher","first-page":"3171","DOI":"10.1007\/s13369-019-04319-2","volume":"45","author":"M Humayun","year":"2020","unstructured":"Humayun, M., Niazi, M., Jhanjhi, N. Z., Alshayeb, M., & Mahmood, S. (2020). Cyber security threats and vulnerabilities: A systematic mapping study. Arabian Journal for Science and Engineering, 45(4), 3171\u20133189.","journal-title":"Arabian Journal for Science and Engineering"},{"key":"1039_CR40","doi-asserted-by":"publisher","first-page":"102382","DOI":"10.1016\/j.cose.2021.102382","volume":"109","author":"P Formosa","year":"2021","unstructured":"Formosa, P., Wilson, M., & Richards, D. (2021). A principlist framework for cybersecurity ethics. Computers & Security, 109, 102382.","journal-title":"Computers & Security"},{"issue":"3","key":"1039_CR41","doi-asserted-by":"publisher","first-page":"434","DOI":"10.1109\/TEM.2018.2798408","volume":"65","author":"MD Smith","year":"2018","unstructured":"Smith, M. D., & Pate-Cornell, M. E. (2018). Cyber risk analysis for a smart grid: How smart is smart enough? A multiarmed bandit approach to cyber security investment. IEEE Transactions on Engineering Management, 65(3), 434\u2013447.","journal-title":"IEEE Transactions on Engineering Management"},{"key":"1039_CR42","doi-asserted-by":"crossref","unstructured":"Pinzon, C., De Paz, J. F., Bajo, J., Herrero, A., &Corchado, E. (2010, August). AIIDA-SQL: an adaptive intelligent intrusion detector agent for detecting SQL injection attacks. In\u00a02010 10th International Conference on Hybrid Intelligent Systems\u00a0(pp. 73\u201378). IEEE.","DOI":"10.1109\/HIS.2010.5600026"},{"issue":"4","key":"1039_CR43","doi-asserted-by":"publisher","first-page":"3053","DOI":"10.1007\/s11277-021-09040-8","volume":"122","author":"PJ Pajila","year":"2022","unstructured":"Pajila, P. J., Julie, E. G., & Robinson, Y. H. (2022). FBDR-fuzzy based DDoS attack detection and recovery mechanism for wireless sensor networks. Wireless Personal Communications, 122(4), 3053\u20133083.","journal-title":"Wireless Personal Communications"},{"key":"1039_CR44","first-page":"1","volume":"822","author":"A Skoufis","year":"2022","unstructured":"Skoufis, A., Chatzithanasis, G., Dede, G., Filiopoulou, E., Kamalakis, T., & Michalakelis, C. (2022). Technoeconomic assessment of an FTTH network investment in the Greek telecommunications market. Telecommunication Systems, 822, 1\u201317.","journal-title":"Telecommunication Systems"},{"issue":"1","key":"1039_CR45","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1007\/s11235-022-00885-3","volume":"80","author":"A Mamane","year":"2022","unstructured":"Mamane, A., Fattah, M., El Ghazi, M., & El Bekkali, M. (2022). 5G enhanced mobile broadband multi-criteria scheduler for dense urban scenario. Telecommunication Systems, 80(1), 33\u201343.","journal-title":"Telecommunication Systems"},{"key":"1039_CR46","first-page":"1","volume":"82","author":"S Eswaran","year":"2022","unstructured":"Eswaran, S., & Honnavalli, P. (2022). Private 5G networks: a survey on enabling technologies, deployment models, use cases and research directions. Telecommunication Systems, 82, 1\u201324.","journal-title":"Telecommunication Systems"},{"issue":"2","key":"1039_CR47","first-page":"799","volume":"52","author":"K Vajanapoom","year":"2013","unstructured":"Vajanapoom, K., Tipper, D., & Akavipat, S. (2013). Risk based resilient network design. Telecommunication Systems, 52(2), 799\u2013811.","journal-title":"Telecommunication Systems"},{"issue":"4","key":"1039_CR48","doi-asserted-by":"publisher","first-page":"605","DOI":"10.1007\/s11235-017-0411-3","volume":"68","author":"A Kliks","year":"2018","unstructured":"Kliks, A., Musznicki, B., Kowalik, K., & Kryszkiewicz, P. (2018). Perspectives for resource sharing in 5G networks. Telecommunication Systems, 68(4), 605\u2013619.","journal-title":"Telecommunication Systems"},{"issue":"4","key":"1039_CR49","doi-asserted-by":"publisher","first-page":"615","DOI":"10.1007\/s11235-017-0309-0","volume":"66","author":"G Gardikis","year":"2017","unstructured":"Gardikis, G., Koumaras, H., Sakkas, C., & Koumaras, V. (2017). Towards SDN\/NFV-enabled satellite networks. Telecommunication Systems, 66(4), 615\u2013628.","journal-title":"Telecommunication Systems"},{"issue":"4","key":"1039_CR50","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1007\/s11235-008-9109-x","volume":"37","author":"M Zghaibeh","year":"2008","unstructured":"Zghaibeh, M., & Harmantzis, F. C. (2008). A lottery-based pricing scheme for peer-to-peer networks. Telecommunication Systems, 37(4), 217\u2013230.","journal-title":"Telecommunication Systems"},{"key":"1039_CR51","doi-asserted-by":"crossref","unstructured":"Almatari, O., Wang, X., Zhang, W. and Khan, M.K., 2023. VTAIM: volatile transaction authentication insurance method for cyber security risk insurance of banking services.","DOI":"10.21203\/rs.3.rs-2413299\/v1"}],"container-title":["Telecommunication Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11235-023-01039-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11235-023-01039-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11235-023-01039-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,30]],"date-time":"2024-10-30T21:23:09Z","timestamp":1730323389000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11235-023-01039-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,14]]},"references-count":51,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2023,12]]}},"alternative-id":["1039"],"URL":"https:\/\/doi.org\/10.1007\/s11235-023-01039-9","relation":{},"ISSN":["1018-4864","1572-9451"],"issn-type":[{"value":"1018-4864","type":"print"},{"value":"1572-9451","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,10,14]]},"assertion":[{"value":"25 June 2023","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 October 2023","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Authors do not have any conflict of interest with anybody.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}