Optimal Timing of Information Security Investment: A Real Options Approach
This chapter applies real options analytic framework to firms' investment activity in information security technology and then a dynamic analysis of information security investment is explored by extending Gordon-Loeb (2002). The current research provides how firms have to respond to immediate or remote threat numerically. It shows that although positive drift of threat causes both larger and later investment expenditure, negative drift causes immediate investment and lower investment expenditure. The efficiency of vulnerability reduction technology encourages firms to invest earlier and induces cost reduction. To know the form of vulnerability is important because the effect of high vulnerability on timing and amount of the investment expenditure is mixed.
KeywordsInformation Security Real Option High Vulnerability Optimal Investment Risk Free Interest Rate
Unable to display preview. Download preview PDF.
- 1.Copeland, T., Antikarnov, V.: Real Options: A Practitioner’s guide. Texere (2001)Google Scholar
- 2.Dixit, A.K., Pindyck, R.S.: Investment Under Uncertainty. Princeton University Press (1994)Google Scholar
- 3.Gordon L.A., Loeb, M.P.: The economics of information security investment. ACM Transactions on Information and System Security 5(4), 438–457 (2002)Google Scholar
- 4.Gordon, L.A., Loeb, M.P., Lucyshyn, W.: Information security expenditures and real options: A wait-and-see approach. Computer Security Journal 19(2), 1–7 (2003)Google Scholar
- 5.Gal-Or, E., Ghose, A.: The economic incentives for sharing security information. Information Systems Research 16(2), 186–208 (2005)Google Scholar
- 6.Herath, H., Harath, T.: Investments in information security: A real options perspective with bayesian postaudit. Journal of Management Information Systems 25(3), 337–375 (2009)Google Scholar
- 7.Pindyck, R. S. (1991). Irreversibility, uncertainty, and investment. Journal of Economic Literature 29(3), 1110–1148.Google Scholar
- 8.Roundtable discussion in WEIS 2003 http://www.cpppe.umd.edu/rhsmith3/agenda.htmGoogle Scholar
- 9.Trigeorgis, L.: Real Options. MIT Press (1996)Google Scholar
- 10.Willemson, J.: On the Gordon & Loeb model for information security investment. In: Proceedings of the 5thWorkshop on the Economics of Information Security (WEIS). Cambridge, UK (2006)Google Scholar