Modelling and Analysis of Corporate Efficiency and Productivity Loss Associated with Enterprise Information Security Technologies

Date

2019-09-29

Advisors

Journal Title

Journal ISSN

ISSN

Volume Title

Publisher

Elsevier

Type

Article

Peer reviewed

Abstract

By providing effective access control mechanisms, enterprise information security technologies have been proven successful in protecting the sensitive information in business organizations. However, such security mechanisms typically reduce the work productivity of the staff, by making them spend time working on non-project related tasks. Therefore, organizations have to invest a signification amount of capital in the information security technologies, and then to continue incurring additional costs. In this study, we investigate the non-productive time (NPT) in an organization, resulting from the implementation of information security technologies. An approximate analytical solution is discussed first, and the loss of staff member productivity is quantified using non-productive time. Stochastic Petri nets are then used to provide simulation results. Moreover, sensitivity analysis is applied to develop a cost-effective strategy for mitigating the negative impact of implementing information security technologies. The presented study can help information security managers to make investment decisions, and to take actions toward reducing the cost of information security technologies, so that a balance is kept between information security expense, resource drain and effectiveness of security technologies.

Description

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.

Keywords

access control, non-productive time, queuing theory, stochastic Petri nets, security investment decision

Citation

Wen, Z., Maciej, K. (2019) Modelling and Analysis of Corporate Efficiency and Productivity Loss Associated with Enterprise Information Security Technologies. Journal of Information Security and Applications, 49, 102385.

Rights

Research Institute