Information Systems Frontiers, Volume 14, Issue 5, pp 1061–1077

Using time-driven activity-based costing to manage digital forensic readiness in large organisations

  • K. Reddy
  • H. S. Venter
  • M. S. Olivier


A digital forensic readiness (DFR) programme consists of a number of activities that should be chosen and managed with respect to cost constraints and risk. Traditional cost systems, however, cannot provide the cost of individual activities. This makes it difficult or impossible for organisations to consider cost when making decisions about specific activities. In this paper we show that the relatively new cost system, time-driven activity-based costing (TDABC), can be used to determine the cost of implementing and managing activities required for DFR. We show through analysis and simulation that the cost information from a TDABC model can be used for such decisions. We also discuss some of the factors that ought to be considered when implementing or managing the use of TDABC in a large organisation.


Keywords: Digital forensic readiness; Time-driven activity-based costing; Forensics management; Cost management



Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  1. Information and Computer Security Architectures Research Group, Department of Computer Science, University of Pretoria, Pretoria, South Africa
