Making Cost Effective Security Decision with Real Option Thinking

One of the major challenges in IT security management is determining how much to spend and where to spend it. This requires an understanding of the economic issues regarding IT security. Real option analysis presents a viable alternative to traditional economic tools for planning and valuing security investment in an uncertain environment. This paper illustrates how decision makers can use real option thinking to articulate and compare different security solutions in terms of their business value in an environment characterized by high levels of uncertainty.
