Information Security Management relates to issues about information security in firms since data security has become a major concern. Due to the scarcity of resources, the resources employed guarantying the Information Security management (ISM) must be taken into account. This means that economics of resources must be considered to ensure that the IMS systems best suites the interest of the firm while taking into account the cost benefit analysis. The IMS must remain effective and efficient over a long duration time whilst at the same time be adaptable to external and internal chances within an organization. Since the information, technology is evolving daily, and information security is a priority to many firms, this makes ISM a noble investment for any firm.
Bad IMS design and bad incentives are the major causes of security failure. Security issues in a firm's organization are a strategic issue that needs critical planning, implementation and evaluation to ensure that the ISM system achieves its intended purpose. Microeconomic theory plays critical role while planning, implementing and monitoring the Information Security management. The importance of economics in ISM is a young discipline that entails application of several economic theories in the practical ISM applications and solving ISM problems. The security systems entail computer system deployment and designs that must be aligned by using all the available economic resources.
While considering the economics in ISM, it is imperative to note that security challenges are not easily be measured. The risks are only accounted for if they are measured in an improved way. In ISM, the insecure software is a major cause of insecurity and they have saturated the market. In the market, many buyers cannot easily differentiate between genuine and fake software and this poses a great threat. The developers of the genuine software are not paid adequately for their efforts since the fake software thwarts their efforts. Firms can secure their ISM against insecurity and this can play a critical role in ensuring successful security. More so, software developers if sufficiently rewarded can ensure that the insecurity of ISM is overcame.
Economics plays a critical role in guarantying that a firm's ISM achieves its goals. If a firm can have sufficient economic resources to buy original software and be able to install the original computer programs results to an effective ISM. According to Camp and Lewis (2004), "the importance of effective management of IT security from an economics perspective has increased in recent years due to increasing frequency and cost of security breaches" (p. 71). This is an indication that presently, security and economics are an interrelated discipline that works together to achieve certain present conditions.
One experience I have that displayed the importance of economics in Information management involved a situation where the Information Technology Manager was required to establish a strategic policy to improve the security of the firm's information within the extranet. The manager carried out extensive market research and development and presented to the general manager the required budget. The general manager complained about the budget being too high. After consultations, the general manager agreed with the IT manager and the extranet was established.
It was compatible with the internal and external environment requirements besides being easily compatible with the future changes. This strategy offered strength to the firm and remained at a competitive advantage over other firms that employed a low budget but installed a poor intranet. It is noted, "The growing interest in the economics of cyber security reflects in part of the question of the role the economic forces play in shaping the investment and attention that organization pay to improving security" (Stolfo, Bellovin & Hershkop, 2008, p. 206).