Costs and benefits of business information security

The article considers the process of information security from the position of cost-benefit assessment that allows to understand economic aspects of feasibility study of measures in the field of business information protection. In the practice of Russian business, the issues of information security are focused on compliance with regulatory requirements of the legislation. This leads to the fact that business entities neglect the procedure of comprehensive assessment of measures effectiveness that should consider the costs and benefits of legal, organizational, and technical information protection implementation. At the same time, in order to meet the new conditions of technological development of society, it is necessary to revise the concept of information protection of business entities and to fix in the policy of information security of activities the approaches to risk assessment based on assets value. The study contains a description of the cost/ benefit approach to the constituent components of ensuring information security of business process. To understand the economic aspects of information security, the research focuses on business entities of the market type of economic activity (the enterprise makes profit in its activity). The composition of components of the ensuring information security process has been defined. On the example of risk management costs and benefits of information security have been considered in detail.

1. Bareiko S.N., Kozhukhina K.A. Economic and information security of Russia in the digital economy. Science of Krasnoyarsk. 2019;5(8):7–18. https://doi.org/10.12731/2070-7568-2019-5-7-18 (In Russian).

2. Beautement A., Sasse A. The economics of user effort in information security. Computer Fraud & Security. 2009;10:8–12.

3. Bychkova S.M., Makarova N.N. Analysis of information security in the context of the economic security system of network interaction of subjects. ETAP: Economic Theory, Analysis, Practice. 2022;4:86–98. https://doi.org/10.24412/2071-6435-2022-4-86-98 (In Russian).

4. Chastikova V.A., Sheludko M.A. Implementation of an expert system to identify current threats to the security of enterprise information. Scientific works of KubSTU. 2022;3:80–89. (In Russian).

5. Gao X., Gong S., Wang, Y., Wang X., Qiu M. An economic analysis of information security decisions with mandatory security standards in resource sharing environments. Expert Systems with Applications. 2022;206:117894.

6. Huang C.D., Behara R.S. Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints. International Journal of Production Economics. 2012;1(141):255–268.

7. Korolev V.I., Gavrilov V.E. Information systems of the digital economy and approaches to ensuring their information security. High Availability Systems. 2019;1(15):38–46. DOI https://doi.org/10.18127/j20729472-201901-05

8. Krivoshlykov V.S., Zhakhov N.V., Fomicheva L.M. Managing threats to economic security: a review of theoretical concepts. Bulletin of the Kursk State Agricultural Academy. 2016;9:69–74. (In Russian).

9. Kulagina N.A., Chepikova E.M., Mugutdinov R.M. Mechanism for identifying threats to the economic security of a digital enterprise in an innovative business environment. Proceedings of the Southwestern State University. Series: Economics. Sociology. Management, 2022;1(12):115–126. https://doi.org/10.21869/2223-1552-2022-12-1-115-126 (In Russian).

10. Ledneva O.V. Development of digital economic transformation in the aspect of cybersecurity and privacy of Russian users. Issues of innovative economy. 2022;1(12):81–94. https://doi.org/10.18334/vinec.12.1.114255 (In Russian).

11. Oganesyan L.L., Kozyr N.S. Project management in information security. Bulletin of the Academy of Knowledge. 2023;4(57):207– 209. (In Russian).

12. Petrenko S.A. Assessment of cybersecurity costs. Proceedings of the Institute of System Analysis of the Russian Academy of Sciences. 2006;27:234–265. (In Russian).

13. Putyato M.M., Makaryan A.S. Cybersecurity as an integral attribute of multilevel protected cyberspace. Caspian Journal: Management and High Technologies. 2020;3(51):94–102. https://doi.org/10.21672/2074-1707.2020.51.1.094-102 (In Russian).

14. Sedykh N.V., Focanov I.P. Problems and prospects of artificial intelligence technology development. Natural sciences and humanities research. 2022;44(6):266–267. (In Russian).

15. Sozaeva D.A. Introduction of risk-oriented management of regulated purchases. Problems of theory and practice of management. 2021;9:33–47. https://doi.org/10.46486/0234-4505-2021-9-33-47 (In Russian).

16. Suslov S.A. The role of information technologies in increasing the competitiveness of regional markets. Discussion. 2015;8(60):45–49. (In Russian).

17. Tretyakova S.N. ESG-agenda of sustainable development in the conditions of new Russian realities. Economics: Theory and Practice. 2022;2(66):36–41. https://doi.org/10.31429/2224042X_2022_66_36 (In Russian).