Economic Aspects of Controlling Capital Investments in Cyberspace Security for Critical Infrastructure Assets
By: William Lucyshyn, Lawrence A. Gordon, Ph.D., Martin P. Loeb, Ph.D.
A model is developed which demonstrates that control systems for investments in information security have a positive net economic impact on an organization. This positive effect is an increasing function of the degree of asymmetric information (related to moral hazard and adverse selection) between Chief Security Officers and Chief Financial Officers within an organization. The role of externalities is also explored in the context of the model.