Concepedia

Publication | Closed Access

The economics of information security investment

Citations: 1.3K

References: 28

Year: 2002

TLDR

The article develops an economic model to determine optimal investment levels for protecting information sets. The model incorporates information vulnerability and potential loss from breaches to calculate optimal investment. The analysis shows that firms should not always target the most vulnerable information; instead, they should focus on mid‑range vulnerabilities and invest only a small fraction of the expected loss to maximize benefits.

Abstract

This article presents an economic model that determines the optimal amount to invest to protect a given set of information. The model takes into account the vulnerability of the information to a security breach and the potential loss should such a breach occur. It is shown that for a given potential loss, a firm should not necessarily focus its investments on information sets with the highest vulnerability. Since extremely vulnerable information sets may be inordinately expensive to protect, a firm may be better off concentrating its efforts on information sets with midrange vulnerabilities. The analysis further suggests that to maximize the expected benefit from investment to protect information, a firm should spend only a small fraction of the expected loss due to a security breach.
