An Economic Analysis of Security Investment in Information Systems with Security Threats: A Stochastic Approach
The authors present an economic analysis of an information system with security threats. They categorize the types of threats and introduce a stochastic model to describe the occurrence of threats and their damage. The results of the stochastic analysis are used for analyzing the revenue and the average costs such as the loss cost, the repair cost, the recovery cost, and the holding cost. They present the NPV (Net Present Value) considering the security investment and the discount rate. In addition, they propose a parameter estimation method of the stochastic model and show a numerical example.