We develop a method to evaluate the financial losses that enterprises incur from
breaches of information security systems. The method can be used to estimate the losses
resulting from information system accidents (for example, computer attacks or
unauthorized intrusions). In addition, the method can evaluate the risk level of any
enterprise. As an illustration, a practical example of estimating financial losses based
upon a real-life case is presented. Some results on the dynamic changes of the variables
involved in the method are also shown.
Keywords: Computer attacks, enterprise, estimation, financial losses, hacker
attacks, information security systems, information system accidents, negative
impacts, risks, unauthorized intrusions.