By Topic

Valuing information security investment: A real options approach

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

5 Author(s)
Jun Wan ; Dept. Manage., Northeastern Univ. at Qinhuangdao, Qinhuangdao, China ; Bin Ding ; YunFei Ren ; JiaXiang Zheng
more authors

Software vendors make their products more secure requires sufficient supporting investment. Decisions to invest in information security technology are often made based on an assessment of its immediate value to the organization. However an important source of value comes from the fact that such security technologies have the potential to be leveraged in the diminishing of future malicious attacks. Vendors need an analytical model that shows the process by which this potential is converted into business value. We discuss a software vender to invest in security technology before launching their production in the market as a sample, because security investments create growth options that can be exercised if and when an organization decides to develop security technologies to avoid malicious attacks. This paper develops a real option model to investigate the value of this information security investment opportunity which is able to handle the multiple uncertainties from market, software vulnerability and technological aspects. The uncertain market and software vulnerability announcements uncertain factors will be transformed into a security of software products value function which is incorporated with Geometric Brownian Motion and Jump process. Unlike the conventional jump-diffusion model, the jump in our model is designed as strictly negative to account for any soft vulnerability to be announced and will only work on the drift term for a direct loses to the underlying value. Moreover, we include the learning effect that will induce the cost reduction into the valuation. In particular, our study provides an operational approach to calculate the value of secure software.

Published in:

Business Intelligence and Financial Engineering (BIFE), 2012 Fifth International Conference on

Date of Conference:

18-21 Aug. 2012