Quantifying the Return of Security Investments for Technology Startups

IF 1.2 Q3 MULTIDISCIPLINARY SCIENCES
Mohamed Noordin Yusuff Marican, Siti Hajar Othman, Ali Selamat, Shukor Abd Razak
{"title":"Quantifying the Return of Security Investments for Technology Startups","authors":"Mohamed Noordin Yusuff Marican, Siti Hajar Othman, Ali Selamat, Shukor Abd Razak","doi":"10.21123/bsj.2023.9077","DOIUrl":null,"url":null,"abstract":"Technology startups are critical to the advancement of digital initiatives in many countries undergoing smart nation agenda. Technology startups are thus vendors and suppliers of services to large organizations such as the government sector, multi-national corporations and financial institutions. As such, startups are fast becoming attack vectors for malicious perpetrators to gain entry via backdoors to large organizations. However, startups remain prudent in their cyber security spending as their north star is revenue generation by delivering their services and minimum viable product (MVP) to their customers. This study proposes an enhanced Return on Security Investment (ROSI) which helps technology startups calculate the return on security investment and justify their budget of cyber security spending. Though there are existing models to calculate the return of investments allocated to cyber security expenditure, they are rather complex and do not give management clarity in terms of the monetary value for cyber security spending. Furthermore, the existing models do not cater to the dynamics and nuances of technology startups. The enhanced model also provides technology startups the ability to appropriately adjust their cyber security investments based on the calculations of the Minimum (Min) and Maximum (Max) ROSI values. The proposed and enhanced ROSI model has been validated by 5 cyber security experts who agreed on the importance and necessity of the model to be applied to technology startups. The results of the case study on a FinTech startup enable the calculation of the Min and Max ROSI to justify the return on security investments and provide the startup with the ability to adjust the cyber security spending accordingly.","PeriodicalId":8687,"journal":{"name":"Baghdad Science Journal","volume":"2017 38","pages":""},"PeriodicalIF":1.2000,"publicationDate":"2023-12-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Baghdad Science Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.21123/bsj.2023.9077","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"MULTIDISCIPLINARY SCIENCES","Score":null,"Total":0}
引用次数: 0

Abstract

Technology startups are critical to the advancement of digital initiatives in many countries undergoing smart nation agenda. Technology startups are thus vendors and suppliers of services to large organizations such as the government sector, multi-national corporations and financial institutions. As such, startups are fast becoming attack vectors for malicious perpetrators to gain entry via backdoors to large organizations. However, startups remain prudent in their cyber security spending as their north star is revenue generation by delivering their services and minimum viable product (MVP) to their customers. This study proposes an enhanced Return on Security Investment (ROSI) which helps technology startups calculate the return on security investment and justify their budget of cyber security spending. Though there are existing models to calculate the return of investments allocated to cyber security expenditure, they are rather complex and do not give management clarity in terms of the monetary value for cyber security spending. Furthermore, the existing models do not cater to the dynamics and nuances of technology startups. The enhanced model also provides technology startups the ability to appropriately adjust their cyber security investments based on the calculations of the Minimum (Min) and Maximum (Max) ROSI values. The proposed and enhanced ROSI model has been validated by 5 cyber security experts who agreed on the importance and necessity of the model to be applied to technology startups. The results of the case study on a FinTech startup enable the calculation of the Min and Max ROSI to justify the return on security investments and provide the startup with the ability to adjust the cyber security spending accordingly.
量化初创科技公司的安全投资回报
在许多正在实施智能国家议程的国家,技术初创企业对于推进数字化计划至关重要。因此,技术初创企业是政府部门、跨国公司和金融机构等大型组织的服务销售商和供应商。因此,初创企业正迅速成为恶意攻击者通过后门进入大型组织的攻击载体。然而,初创企业在网络安全支出方面仍然十分谨慎,因为他们的北斗星是通过向客户提供服务和最小可行产品(MVP)来创收。本研究提出了一种增强型安全投资回报率(ROSI),可帮助科技初创企业计算安全投资回报率,并证明其网络安全支出预算的合理性。虽然现有模型可以计算分配给网络安全支出的投资回报,但这些模型相当复杂,无法为管理层提供清晰的网络安全支出货币价值。此外,现有模型也不符合初创科技公司的动态和细微差别。增强型模型还为初创科技企业提供了根据最小(Minimum)和最大(Maximum)ROSI 值的计算结果适当调整网络安全投资的能力。5 位网络安全专家对所提出的增强型 ROSI 模型进行了验证,他们一致认为该模型适用于初创科技公司非常重要和必要。金融科技初创企业案例研究的结果使最小和最大 ROSI 的计算能够证明安全投资回报的合理性,并为初创企业提供相应调整网络安全支出的能力。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
Baghdad Science Journal
Baghdad Science Journal MULTIDISCIPLINARY SCIENCES-
CiteScore
2.00
自引率
50.00%
发文量
102
审稿时长
24 weeks
期刊介绍: The journal publishes academic and applied papers dealing with recent topics and scientific concepts. Papers considered for publication in biology, chemistry, computer sciences, physics, and mathematics. Accepted papers will be freely downloaded by professors, researchers, instructors, students, and interested workers. ( Open Access) Published Papers are registered and indexed in the universal libraries.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信