Using the Capital Asset Pricing Model in Information Security Investments
Using the Capital Asset Pricing Model in Information Security Investments

Summary/Abstract: Interest in real option theory has intensified over the last decade due to the high uncertainty faced by some private and public organizations when deciding to make a strategic investment (competitive environment) or when faced with an external requirement of the organizational environment (ensuring security standards). Traditional methods of investment analysis define the existence of investment opportunity by net present value (NPV), ignoring the possibility that an investment will start from a certain moment in the future. In this way, it is not possible to capture the phenomenon in dynamics, which leads to limiting the possibility of solving the existing uncertainty over the time regarding the optimal use of resources. The need to optimize managerial strategies and give some flexibility to decision-makers in relation to the changes in the organization's external environment has triggered the real options analysis (ROA). By using ROA, a win-win situation is created in which the available policy options mitigate uncertainty fluctuations of updated net worth (based on new information available) and, at the same time, by applying the best strategy, maximize earnings. Information security systems are designed on a layered architecture and the decision to improve performance on each layer is the responsibility of strategic management. Being a modular system, it is recommended to build the architecture by stages, depending on the value of the assets. Also, the relatively long duration and costs of implementation, limited resources, irreversible character, and project risks determine the value and evaluation of the investment, involving its representation as a combined option associated with a succession of decisions. The proposed model is inspired from the theory of financial and real options, but also from the fuzzy logic. This approach seeks to anchor specific mechanisms for the study of asymmetric risk events in the security market (perfect market assumptions are of course limiting but provide a quick overview, which is essential for the proposed application). Using the capital asset pricing model (CAPM), the return on investments in the security of IT & C systems, by reference to the investment risk as the estimated value, is defined. Investors can take risks that can be broken down into two components: systematic risks and non-systemic risks. Systematic risk refers to the variability of income caused by external factors (macroeconomic conditions), being a measure of the relative market volatility of relative incomes. Unsystematic risk refers to income variability caused by unpredictable factors (mismanagement decisions, abrupt technologies overtaken). The depreciation of security investments is inherent and leads to the dilemma of small and frequent investments or major and rare investments. On this issue, the proposed model can provide solutions to decision-makers. Uncertainty, irreversibility, growth potential and competition are factors that influence the behavior and investment decision. We consider that by using the capital asset pricing model in the security investments associated with eLerning training systems, we can increase the precision of optimal investment in terms of risk and opportunity balancing.

• Details
• Contents