Welcome to the InfoSci Platform
Reference Hub5
Determining a Return on Investment for Cybersecurity Technologies in Networked Critical Infrastructures

Determining a Return on Investment for Cybersecurity Technologies in Networked Critical Infrastructures

Roger A. Hallman, Maxine Major, Jose Romero-Mariona, Richard Phipps, Esperanza Romero, Scott M. Slayback, Francisco Tacliad, John M. San Miguel
Copyright: © 2021 |Volume: 11 |Issue: 2 |Pages: 22
ISSN: 1947-9344|EISSN: 1947-9352|EISBN13: 9781799861171|DOI: 10.4018/IJOCI.2021040105
Cite Article Cite Article

MLA

Hallman, Roger A., et al. "Determining a Return on Investment for Cybersecurity Technologies in Networked Critical Infrastructures." IJOCI vol.11, no.2 2021: pp.91-112. http://doi.org/10.4018/IJOCI.2021040105

APA

Hallman, R. A., Major, M., Romero-Mariona, J., Phipps, R., Romero, E., Slayback, S. M., Tacliad, F., & San Miguel, J. M. (2021). Determining a Return on Investment for Cybersecurity Technologies in Networked Critical Infrastructures. International Journal of Organizational and Collective Intelligence (IJOCI), 11(2), 91-112. http://doi.org/10.4018/IJOCI.2021040105

Chicago

Hallman, Roger A., et al. "Determining a Return on Investment for Cybersecurity Technologies in Networked Critical Infrastructures," International Journal of Organizational and Collective Intelligence (IJOCI) 11, no.2: 91-112. http://doi.org/10.4018/IJOCI.2021040105

Export Reference

Mendeley
Favorite Full-Issue Download

Abstract

Much of modern life is dependent on networked critical infrastructure systems—many known to be susceptible to cyberattacks—such as the electrical grid, water purification, and transportation systems. The consequences of a successful cyberattack on these systems could be catastrophic. Appropriate levels and strategies for cybersecurity investment for networked critical infrastructures present a serious challenge that administering organizations, whether public or private, must overcome in order to provide resilient services. This challenge includes understanding the actual vulnerabilities of an organization's networked systems, as well as the cost of a successful cyberattack on those systems. On top of this, an organization's cybersecurity acquisition workforce must be able to discern reality from the marketing hype that is produced by cybersecurity sales forces. Many product offerings from industry promise to secure critical infrastructures, but there is no good method for determining which product (or combination of products) is most effective for a specific environment or scenario. This paper presents a return on cybersecurity investment (ROCI) model utilized, together with a previously-developed framework for evaluating cybersecurity technologies, by the resilient critical infrastructures through secure and efficient microgrids (ReCIst) capability. ReCIst uses this model to guide decision makers on how to best implement cybersecurity towards energy resiliency, from financial, security posture, and energy efficiency perspectives. Challenges and the current state of cyber investment modeling in this domain are presented along with technical details on ReCIst's ROCI model and future work.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.