Applying Real Options Thinking to Information Security in Networked Organizations

    Research output: Book/ReportReportProfessional

    158 Downloads (Pure)


    An information security strategy of an organization participating in a networked business sets out the plans for designing a variety of actions that ensure confidentiality, availability, and integrity of company’s key information assets. The actions are concerned with authentication and nonrepudiation of authorized users of these assets. We assume that the primary objective of security efforts in a company is improving and sustaining resiliency, which means security contributes to the ability of an organization to withstand discontinuities and disruptive events, to get back to its normal operating state, and to adapt to ever changing risk environments. When companies collaborating in a value web view security as a business issue, risk assessment and cost-benefit analysis techniques are necessary and explicit part of their process of resource allocation and budgeting, no matter if security spendings are treated as capital investment or operating expenditures. This paper contributes to the application of quantitative approaches to assessing risks, costs, and benefits associated with the various components making up the security strategy of a company participating in value networks. We take a risk-based approach to determining what types of security a strategy should include and how much of each type is enough. We adopt a real-options-based perspective of security and make a proposal to value the extent to which alternative components in a security strategy contribute to organizational resiliency and protect key information assets from being impeded, disrupted, or destroyed.
    Original languageUndefined
    Place of PublicationEnschede
    PublisherCentrum voor Telematica en Informatie Technologie
    Number of pages11
    Publication statusPublished - 2006

    Publication series

    NameCTIT Technical Report Series
    PublisherCentre for Telematics and Information Technology, University of Twente
    ISSN (Print)1381-3625


    • EWI-5703
    • IR-66175
    • SCS-Services
    • METIS-238658

    Cite this

    Daneva, M. (2006). Applying Real Options Thinking to Information Security in Networked Organizations. (CTIT Technical Report Series; No. 06-11). Enschede: Centrum voor Telematica en Informatie Technologie.