The economics of information security investment

  title={The economics of information security investment},
  author={L. Gordon and M. Loeb},
  journal={ACM Trans. Inf. Syst. Secur.},
  • L. Gordon, M. Loeb
  • Published 2002
  • Economics, Computer Science
  • ACM Trans. Inf. Syst. Secur.
  • This article presents an economic model that determines the optimal amount to invest to protect a given set of information. The model takes into account the vulnerability of the information to a security breach and the potential loss should such a breach occur. It is shown that for a given potential loss, a firm should not necessarily focus its investments on information sets with the highest vulnerability. Since extremely vulnerable information sets may be inordinately expensive to protect, a… CONTINUE READING

    Figures and Topics from this paper.

    Explore Further: Topics Discussed in This Paper

    Economics of Information Security Investment in the Case of Simultaneous Attacks
    • 28
    • Highly Influenced
    • PDF
    The importance of information security spending: an economic approach
    • 5
    • Highly Influenced
    Fixed Costs, Investment Rigidities, and Risk Aversion in Information Security: A Utility-theoretic Approach
    • 24
    • PDF
    Optimal Investment in Information Security: A Business Value Approach
    • 4
    • Highly Influenced
    • PDF