This book explores the strategic decisions made by organizations when implementing cybersecurity controls and leveraging economic models and theories from the economics of information security and risk-management frameworks.

Based on unique and distinct research completed within the field of risk-management and information security, this book provides insight into organizational risk-management processes utilized in determining cybersecurity investments. It describes how theoretical models and frameworks rely on either specific scenarios or controlled conditions and how decisions on cybersecurity spending within organizations-specifically, the funding available in comparison to the recommended security measures necessary for compliance-vary depending on stakeholders. As the trade-off between the costs of implementing a security measure and the benefit derived from the implementation of security controls is not easily measured, a business leader's decision to fund security measures may be biased. The author presents an innovative approach to assess cybersecurity initiatives with a risk-management perspective and leverages a data-centric focus on the evolution of cyber-attacks.

This book is ideal for business school students and technology professionals with an interest in risk management.