Martin P. Loeb
Deloitte & Touche Faculty Fellow
Van Munching Hall 3351
Robert H. Smith School of Business
The University of Maryland
College Park, MD 20742, USA
Phone: (301) 405-2209


Book

Managing Cybersecurity Resources: A Cost-Benefit Analysis

BUDGETING PROCESS FOR SECURITY INVESTMENT

This paper provides empirical evidence concerning the way organizations budget for information security expenditures. The findings from this study indicate that economic concepts, such as NPV and cost-benefit analysis, are beginning to gain acceptance from senior information security managers in budgeting for information security expenditures.

Drawing on and extending the extant agency-based capital budgeting literature, this paper demonstrates the relevance of the study of management accounting controls to problems arising in the cybersecurity setting. The main finding is that firms can use an information security audit (which is an integral part of a management control system) along with adjustments to the compensation payments to the agent and the investment decision rules, to mitigate a Chief Information Security Officer's inherent empire building preferences. The paper also identifies additional research areas where management accountants with expertise in management control systems can contribute to the academic literature and practice surrounding cybersecurity issues.
