Martin P. Loeb
ˇ@
Deloitte & Touche Faculty Fellow
Van Munching Hall 3351
Robert H. Smith School of Business
The University of Maryland
College Park, MD 20742, USA
Phone: (301) 405-2209

ˇ@

Book

Managing Cybersecurity Resources: A Cost-Benefit Analysis

ECONOMICS OF INFORMATION SECURITY INVESTMENT

This paper presents an economic model that characterizes the optimal monetary investment to protect a given set of information. It is shown that, for a given potential loss, the optimal amount to spend to protect an information set does not always increase with increases in the information setˇ¦s vulnerability. Protecting highly vulnerable information sets may be inordinately expensive, and a firm may be better off concentrating its efforts on information sets with midrange vulnerabilities. Moreover, the paper shows that the amount the firm should spend to protect information sets should generally be only a small fraction of the expected

This paper chronicles the development of economics of information security as an academic area of research. It also describes the contributions of the papers in the special section of this issue devoted to the topic.

ˇ@

ˇ@

ˇ@