Analysis of Information Security Investment Portfolios Using a Probability Model

Probabilistic Modeling for Evaluation of Information Security Investment Portfolios

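  • 양원석 (Electronics and Telecommunications Research Institute, Technology Strategy Division, Service Policy Research Department) ;
  • 김태성 (Chungbuk National University, Department of Management Information Systems / BK21 Project Team) ;
  • 박현민 (Pukyong National University, Department of Systems Management and Engineering)
  • Published: 2009.09.30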


We develop a probability model to evaluate information security investment portfolios. We assume that organizations install portfolios of information security countermeasures to mitigate damage such as the loss of transactions being processed and damage to hardware and data. A queueing model and its expected value analysis are used to derive the cost of losing transactions being processed, the replacement cost of hardware, and the recovery cost of data. The net present value of each portfolio is derived, and organizations can select the optimal information security investment portfolio by comparing portfolios.



