• Gordon, Lawrence A. and Martin P. Loeb, “The Economics of Information Security Investment,” ACM Transactions on Information and System Security, November 2002, pp. 438-457.

This paper presents an economic model that characterizes the optimal monetary investment to protect a given set of information. It is shown that, for a given potential loss, the optimal amount to spend to protect an information set does not always increase with increases in the information set’s vulnerability. Protecting highly vulnerable information sets may be inordinately expensive, and a firm may be better off concentrating its efforts on information sets with midrange vulnerabilities. Moreover, the paper shows that the amount the firm should spend to protect information sets should generally be only a small fraction of the expected

• Gordon, L. A., M. P. Loeb, “Economic Aspects of Information Security: An Emerging Field of Research,” Information System Frontiers, Vol. 8, No. 5, 2006, pp. 335-337.

This paper chronicles the development of economics of information security as an academic area of research. It also describes the contributions of the papers in the special section of this issue devoted to the topic.