Optimal Spending on Cybersecurity Measures

This book explores the strategic decisions made by organizations when implementing cybersecurity controls, leveraging economic models and theories from the economics of information security and risk management frameworks. Based on unique and distinct research completed within the field of risk management and information security, this book provides insight into organizational risk management processes utilized in determining cybersecurity investments. It looks at how theoretical models and frameworks rely on either specific scenarios or controlled conditions, and how decisions on cybersecurity spending within organizations, specifically the funding available in comparison to the recommended security measures necessary for compliance, vary depending on stakeholders. As the trade-off between the costs of implementing a security measure and the benefit derived from the implementation of the security control is not easily measured, a business leader's decision to fund security measures may be biased. The author presents an innovative approach to assess cyber security initiatives with a risk management perspective and leverages a data-centric focus on the evolution of cyber-attacks. This book is ideal for business school students and technology professionalswith an interest in risk management--