Business Requirements on IT Security (BRITS) is a framework that can assist IT-dependent companies in financially hedging losses due to IT perils. Using BRITS can help these companies hedge IT perils in the same professional way that the consequences of traditional perils such as fire, flood, and robbery are hedged, and thereby secure shareholders' investments.
In the framework, the need for financial hedges and technical countermeasures against IT perils depends solely on the effect IT perils may have on the market value of the company; there are no other reasons for a commercial company to spend any of its resources on financial protection and IT security measures.
BRITS has utilized and developed existing financial hedge instruments to provide cover against financial consequences of IT perils. To be able to use these instruments, I have developed a tool that can interpret and convert financial loss exposures into IT security measures, and vice versa; it is a knowledge gateway between financial and security terminology.
The framework can, at least to some extent, make it possible to estimate the security awareness in existing IT platforms. Based on that information, existing security measures can be "priced", as they may reduce the estimated maximum loss figures and thereby the costs of the financial hedges.
Moreover, more cost-effective decisions can be made on additional IT security measures. In addition, the importance of the IT systems and of IT security in the business processes can be understood more easily. Finally, the costs of the damage exposure inherent in companies' business services or products can be estimated in a better way, and thereby be incorporated in the products' price.
Stockholm: Stockholm University, 1999. 200 p.