| Article ID: | iaor20103030 |
| Volume: | 34 |
| Issue: | 3 |
| Start Page Number: | 391 |
| End Page Number: | 400 |
| Publication Date: | Mar 2009 |
| Journal: | Journal of the Korean ORMS Society |
| Authors: | Kim Tae-Sung, Park Hyun-Min, Yang Won-Seok |
| Keywords: | portfolio management |
We develop a probability model to evaluate information security investment portfolios. We assume that organizations install portfolios of information security countermeasures to mitigate the damage such as loss of the transaction being processed, damage of hardware and data, etc. A queueing model and its expected value analysis are used to derive the lost cost of transactions being processed, the replacement cost of hardwares, and the recovery cost of data. The net present value for each portfolio is derived and organizations can select the optimal information security investment portfolio by comparing portfolios.