Browse by author
Lookup NU author(s): Dr Wen Zeng, Professor Maciej KoutnyORCiD
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License (CC BY-NC-ND).
By providing effective access control mechanisms, enterprise information security technologies have been proven successful in protecting the sensitive information in business organizations. However, such security mechanisms typically reduce the work productivity of the staff, by making them spend time working on non-project related tasks. Therefore, organizations have to invest a signification amount of capital in the information security technologies, and then to continue incurring additional costs. In this study, we investigate the non-productive time (NPT) in an organization, resulting from the implementation of information security technologies. An approximate analytical solution is discussed first, and the loss of staff member productivity is quantified using non-productive time. Stochastic Petri nets are then used to provide simulation results. Moreover, sensitivity analysis is applied to develop a cost-effective strategy for mitigating the negative impact of implementing information security technologies. The presented study can help information security managers to make investment decisions, and to take actions toward reducing the cost of information security technologies, so that a balance is kept between information security expense, resource drain and effectiveness of security technologies.
Author(s): Zeng W, Koutny M
Publication type: Article
Publication status: Published
Journal: Journal of Information Security and Applications
Year: 2019
Volume: 49
Print publication date: 01/12/2019
Online publication date: 25/09/2019
Acceptance date: 09/09/2019
Date deposited: 27/09/2019
ISSN (print): 2214-2126
ISSN (electronic): 2214-2134
Publisher: Elsevier Advanced Technology
URL: https://doi.org/10.1016/j.jisa.2019.102385
DOI: 10.1016/j.jisa.2019.102385
Altmetrics provided by Altmetric
