Security Risk Management Approach for Improving Information Security Return of Investment

  • Xichun Li
  • Mahmoud Al-Shawabkeh
  • Zhiyuan Li
Conference paper
Part of the Springer Proceedings in Business and Economics book series (SPBE)


In particular, competitors often win business by obtaining an organisation's sensitive and important data. This happens either because an employee acts as an inside agent within the organisation or because of a persistent threat attack. Data sharing, data protection, data retention, data risk management, and personnel and physical security are the responsibilities of the organisation's Chief Security Officer (CSO), who addresses intellectual property theft both before and when it occurs by combining the approaches of Information Risk Management (IRM) and Information Security Governance (ISG). In this paper, we propose a novel security management approach that improves the return on investment of information security.


Keywords: Information security, Risk management, Return of investment



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Guangxi Normal University for Nationalities, Chongzuo, China
  2. National Defense University of Malaysia, Kuala Lumpur, Malaysia
  3. ChongQing Fivision Technology, ChongQing, China
