A Risk and Cost-Benefit Assessment of Information Security Measures in Lubricating Oils Company

N. Dejdumrong, N. Anannavee, and T. Uttranadhi (Thailand)


Information Security, Information asset, Cost-Benefit Analysis, Incident Response Plan.


In the current situation of world economic and political uncertainty, risk assessment and management is an obligation for a company, not just an option. Information security assessment is an important component of an effective risk management process. This paper proposes a technique by which a business can determine its information assets and justify its investments in information system protection using the well-known technique of cost-benefit analysis (CBA). To examine the technique, a lubricating oils company is selected as a case study. Its system is assessed and its information assets are determined. The security weaknesses, or vulnerabilities, of the systems are defined. Finally, some potential solutions are recommended for implementation. Incident response management, including its associated plans, is also introduced as an application of information security assessment. The results of this research indicate that the CBA technique can be used as an effective tool to optimize IT security investment and prioritize implementation.
