Managing Cybersecurity Resources: A Cost-Benefit Analysis (GENERAL FINANCE & INVESTING) - Hardcover

About the Authors

Lawrence A. Gordon, Ph. D., is the Ernst & Young Alumni Professor of Managerial Accounting and Information Assurance, at the University of Maryland's Smith School of Business. Gordon is one of the world’s leading experts and frequent speaker on the subjects of cybersecurity economics, capital investments, cost management systems and performance measures. He is also the Editor-in-Chief of the Journal of Accounting and Public Policy.

Martin P. Loeb, Ph.D., a professor of accounting and information assurance at the University of Maryland's Robert H. Smith School of Business, is also an affiliate professor at the University of Maryland Institute for Advanced Computer Studies. Loeb’s research on information security economics, mechanism design, and incentive regulation is internationally recognized, and has been published in leading academic journals in economics, computer science, and accounting.

From the Back Cover

Cost-benefit guidelines for efficiently allocating scarce resources to your organization's cybersecurity program

Cybersecurity breaches are a fact of life in today's interconnected world and the financial and business impact of unauthorized intrusions can be devastating. But how can you know if your firm is committing too much money, or not enough, to protect itself against such unseen hazards?

Managing Cybersecurity Resources provides you with hands-on analysis and answers on this vital question. An invaluable resource for information security managers tasked with establishing cybersecurity initiatives as well as financial managers who must determine how much to allocate to such initiatives, this focused yet wide-ranging book details:

• Models that quantify precisely how firms should decide on the right amount to spend on cybersecurity
• Concepts and empirical evidence for assessing the real costs of cybersecurity breaches
• Strategies for minimizing the impact of negative incidents on company valuation

The Internet is one of the great innovations of the past century. As with all innovations, it presents its users with both unprecedented opportunities and unavoidable perils. Managing Cybersecurity Resources outlines a cost-benefit framework for protecting your organization against the invasion of its information network while leaving you with the resources you need to compete and grow.

"Using economic considerations to drive cybersecurity investments is a relatively new phenomenon. It happened when it did in large measure due to the efforts of this book's authors. It's a great thing for security that they've distilled their work from the past several years into one straightforward, comprehensive discussion. As they say within its pages: 'the reality is that cybersecurity investments can, and should, be determined in a rational economic manner.' If you've got budgetary responsibilities for information security, you need to spend time with this book."
--Robert Richardson, Editorial Director, Computer Security Institute

Every day, your organization's information system is at risk of attack. And while many of these attacks are little more than harmless pranks, other more insidious assaults can wreak devastating economic and operational damages. Nobody questions that you must take tangible steps to protect the cybersecurity of your organization. Thus, the question becomes: What is such protection worth? How can you, with so many areas competing for your firm's limited resources, determine the optimal level of funding to adequately secure your information and computer systems? And, perhaps most important, how can you convince decision-makers as well as colleagues of the importance of maintaining this funding?

Managing Cybersecurity Resources details guidelines for using sound and measurable principles of cost-benefit analysis, as a compliment to gut instinct, to efficiently allocate and manage cybersecurity resources within your organization. Written by two globally acknowledged leaders in the increasingly critical area of cybersecurity, this comprehensive exploration presents:

• Key issues that impact the management of cybersecurity resources
• An economic framework for achieving sufficient cybersecurity protection
• The role risk plays in allocating cybersecurity resources
• A generic approach for making the business case for securing funding deemed necessary
• The growing role of cybersecurity in protecting national security