Investments in Information Security: A Real Options Perspective with Bayesian Postaudit

Journal of Management Information Systems, Winter 2008-9, Vol. 25, No. 3, pp. 337-375

40 Pages Posted: 26 Feb 2018 Last revised: 27 Feb 2018

See all articles by Hemantha Herath

Hemantha Herath

Brock University

Tejaswini Herath

Brock University - Department of Finance, Operations and Information Systems (FOIS)

Date Written: February 14, 2018

Abstract

The application of real options techniques to information security is significantly different than in the case of general information technology investments due to characteristics unique to information security. Emerging research in the economics of information security has suggested real options analysis (ROA) as a potential technique for assessing the value of information security assets, but has focused primarily on the most effective level of investment and the configuration of intrusion prevention/detection systems. In this paper, we attempt to address significant gaps in the literature by developing an integrated real options model for information security investments using Bayesian statistics that incorporates learning and post-auditing in the analysis. By using the proposed model with actual data on e‑mail and spam, we demonstrate that ROA with Bayesian post-auditing offers a systematic valuation and risk management framework for evaluating information security spending by firms. We also discuss the managerial implications.

Keywords: Bayesian revisions, conjugate prior distributions, economics

JEL Classification: M1, M15

Suggested Citation

Herath, Hemantha and Herath, Tejaswini, Investments in Information Security: A Real Options Perspective with Bayesian Postaudit (February 14, 2018). Journal of Management Information Systems, Winter 2008-9, Vol. 25, No. 3, pp. 337-375, Available at SSRN: https://ssrn.com/abstract=3123859

Hemantha Herath (Contact Author)

Brock University ( email )

St. Catharines, Ontario L2S 3A1
Canada

Tejaswini Herath

Brock University - Department of Finance, Operations and Information Systems (FOIS) ( email )

Ontario, L2S 3A1
Canada

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
20
Abstract Views
500
PlumX Metrics