期刊
JOURNAL OF MANAGEMENT INFORMATION SYSTEMS
卷 25, 期 3, 页码 337-375出版社
ROUTLEDGE JOURNALS, TAYLOR & FRANCIS LTD
DOI: 10.2753/MIS0742-1222250310
关键词
Bayesian revisions; conjugate prior distributions; economics of information security; information security investments; postaudit; real options; return on investment; ROC curves
The application of real options techniques to information security is significantly different than in the case of general information technology investments due to characteristics unique to information security. Emerging research in the economics of information security has suggested real options analysis (ROA) as a potential technique for assessing the value of information security assets, but has focused primarily on the most effective level of investment and the configuration of intrusion prevention/detection systems. In this paper, we attempt to address significant gaps ill the literature by developing an integrated real options model for information security investments using Bayesian statistics that Incorporates learning and postauditing in the analysis. By using the proposed model with actual data on e-mail and Spain, we demonstrate that ROA with Bayesian postauditing offers a systematic valuation and risk management framework for evaluating information security spending by firms. We also discuss the managerial implications.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据