Managing Cybersecurity Resources:

A Cost-Benefit Analysis


By Lawrence A. Gordon and Martin P. Loeb



Book Description

Cybersecurity breaches are a fact of life in today's interconnected world and the financial and business impact of unauthorized intrusions can be devastating. But how can you know if your firm is committing too much money, or not enough, to protect itself against such unseen hazards?

Managing Cybersecurity Resources provides you with hands-on analysis and answers to this vital question. An invaluable resource for information security managers tasked with establishing cybersecurity initiatives as well as financial managers who must determine how much to allocate to such initiatives, this focused yet wide-ranging book details:

  • Models that quantify precisely how firms should decide on the right amount to spend on cybersecurity
  • Concepts and empirical evidence for assessing the real costs of cybersecurity breaches
  • Strategies for minimizing the impact of negative incidents on company valuation

The Internet is one of the great innovations of the past century. As with all innovations, it presents its users with both unprecedented opportunities and unavoidable perils. Managing Cybersecurity Resources outlines a cost-benefit framework for protecting your organization against the invasion of its information network while leaving you with the resources you need to compete and grow. In essence, this book applies economic analysis to help solve problems associated with cybersecurity. As such, the book falls under the domain of the emerging field of "cybersecurity economics."

"Using economic considerations to drive cybersecurity investments is a relatively new phenomenon. It happened when it did in large measure due to the efforts of this book's authors. It's a great thing for security that they've distilled their work from the past several years into one straightforward, comprehensive discussion. As they say within its pages: 'the reality is that cybersecurity investments can, and should, be determined in a rational economic manner.' If you've got budgetary responsibilities for information security, you need to spend time with this book."
--Robert Richardson, Editorial Director, Computer Security Institute

Every day, your organization's information system is at risk of attack. And while many of these attacks are little more than harmless pranks, other more insidious assaults can wreak devastating economic and operational damages. Nobody questions that you must take tangible steps to protect the cybersecurity of your organization. Thus, the question becomes: What is such protection worth? How can you, with so many areas competing for your firm's limited resources, determine the optimal level of funding to adequately secure your information and computer systems? And, perhaps most important, how can you convince decision-makers as well as colleagues of the importance of maintaining this funding?

Managing Cybersecurity Resources details guidelines for using sound and measurable principles of cost-benefit analysis, as a complement to gut instinct, to efficiently allocate and manage cybersecurity resources within your organization. Written by two globally acknowledged leaders in the increasingly critical area of cybersecurity, this comprehensive exploration presents:

  • Key issues that impact the management of cybersecurity resources
  • An economic framework for achieving sufficient cybersecurity protection
  • The role risk plays in allocating cybersecurity resources
  • A generic approach for making the business case for securing funding deemed necessary
  • The growing role of cybersecurity in protecting national security

     -- Lawrence A. Gordon and Martin P. Loeb
