Investments in Information Security : A Real Options Perspective with Bayesian Postaudit
The application of real options techniques to information security is significantly different than in the case of general information technology investments due to characteristics unique to information security. Emerging research in the economics of information security has suggested real options an...
| Main Authors: | , |
|---|---|
| Format: | Journal Article |
| Language: | EN |
| Published: |
2012
|
| Online Access: | http://hdl.handle.net/10986/5244 |
| id |
okr-10986-5244 |
|---|---|
| recordtype |
oai_dc |
| spelling |
okr-10986-52442021-04-23T14:02:21Z Investments in Information Security : A Real Options Perspective with Bayesian Postaudit Herath, H. S. B. Herath, T. C. The application of real options techniques to information security is significantly different than in the case of general information technology investments due to characteristics unique to information security. Emerging research in the economics of information security has suggested real options analysis (ROA) as a potential technique for assessing the value of information security assets, but has focused primarily on the most effective level of investment and the configuration of intrusion prevention/detection systems. In this paper, we attempt to address significant gaps ill the literature by developing an integrated real options model for information security investments using Bayesian statistics that Incorporates learning and postauditing in the analysis. By using the proposed model with actual data on e-mail and Spain, we demonstrate that ROA with Bayesian postauditing offers a systematic valuation and risk management framework for evaluating information security spending by firms. We also discuss the managerial implications. 2012-03-30T07:31:57Z 2012-03-30T07:31:57Z 2008 Journal Article Journal of Management Information Systems 0742-1222 http://hdl.handle.net/10986/5244 EN http://creativecommons.org/licenses/by-nc-nd/3.0/igo World Bank Journal Article |
| repository_type |
Digital Repository |
| institution_category |
Foreign Institution |
| institution |
Digital Repositories |
| building |
World Bank Open Knowledge Repository |
| collection |
World Bank |
| language |
EN |
| relation |
http://creativecommons.org/licenses/by-nc-nd/3.0/igo |
| description |
The application of real options techniques to information security is significantly different than in the case of general information technology investments due to characteristics unique to information security. Emerging research in the economics of information security has suggested real options analysis (ROA) as a potential technique for assessing the value of information security assets, but has focused primarily on the most effective level of investment and the configuration of intrusion prevention/detection systems. In this paper, we attempt to address significant gaps ill the literature by developing an integrated real options model for information security investments using Bayesian statistics that Incorporates learning and postauditing in the analysis. By using the proposed model with actual data on e-mail and Spain, we demonstrate that ROA with Bayesian postauditing offers a systematic valuation and risk management framework for evaluating information security spending by firms. We also discuss the managerial implications. |
| format |
Journal Article |
| author |
Herath, H. S. B. Herath, T. C. |
| spellingShingle |
Herath, H. S. B. Herath, T. C. Investments in Information Security : A Real Options Perspective with Bayesian Postaudit |
| author_facet |
Herath, H. S. B. Herath, T. C. |
| author_sort |
Herath, H. S. B. |
| title |
Investments in Information Security : A Real Options Perspective with Bayesian Postaudit |
| title_short |
Investments in Information Security : A Real Options Perspective with Bayesian Postaudit |
| title_full |
Investments in Information Security : A Real Options Perspective with Bayesian Postaudit |
| title_fullStr |
Investments in Information Security : A Real Options Perspective with Bayesian Postaudit |
| title_full_unstemmed |
Investments in Information Security : A Real Options Perspective with Bayesian Postaudit |
| title_sort |
investments in information security : a real options perspective with bayesian postaudit |
| publishDate |
2012 |
| url |
http://hdl.handle.net/10986/5244 |
| _version_ |
1764394436300636160 |