Justifying investments in new information technologies
Journal of Management Information Systems
Strategic management of information technology investments: an options perspective
Strategic information technology management
The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
A Case for Using Real Options Pricing Analysis to Evaluate Information Technology Project Investment
Information Systems Research
Real Options and IT Platform Adoption: Implications for Theory and Practice
Information Systems Research
The Value of Intrusion Detection Systems in Information Technology Security Architecture
Information Systems Research
Journal of Management Information Systems
A Framework for Assessing the Business Value of Information Technology Infrastructures
Journal of Management Information Systems
Prioritizing a Portfolio of Information Technology Investment Projects
Journal of Management Information Systems
On the Valuation of Multistage Information Technology Investments Embedding Nested Real Options
Journal of Management Information Systems
Managing Information Technology Investment Risk: A Real Options Perspective
Journal of Management Information Systems
Intrusion Prevention in Information Systems: Reactive and Proactive Responses
Journal of Management Information Systems
Information Security: Facilitating User Precautions Vis-à-Vis Enforcement Against Attackers
Journal of Management Information Systems
Security metrics and security investment models
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
A Study of Sourcing Channels for Electronic Business Transactions
Journal of Management Information Systems
Hacker Behavior, Network Effects, and the Security Software Market
Journal of Management Information Systems
IT security auditing: A performance evaluation decision model
Decision Support Systems
Hi-index | 0.00 |
The application of real options techniques to information security is significantly different than in the case of general information technology investments due to characteristics unique to information security. Emerging research in the economics of information security has suggested real options analysis (ROA) as a potential technique for assessing the value of information security assets, but has focused primarily on the most effective level of investment and the configuration of intrusion prevention/detection systems. In this paper, we attempt to address significant gaps in the literature by developing an integrated real options model for information security investments using Bayesian statistics that incorporates learning and postauditing in the analysis. By using the proposed model with actual data on e-mail and spam, we demonstrate that ROA with Bayesian postauditing offers a systematic valuation and risk management framework for evaluating information security spending by firms. We also discuss the managerial implications.