TopIntroduction
Organizations are making huge investments in information technology. As the spending on IT increases, the awareness on the IT returns is becoming significant. Organizations are concerned on how their money invested in IT can be returned as a value (Ahmad & Arshad, 2014). Previous researches have investigated the effects of IT on profitability, efficacy, value of the company etc. One of the results of prior research is so-called „IT productivity paradox‟ from 1990s, the term that explained paradox as a discrepancy of the advances in computer technology and the productivity of firms. It practically means the following: the increase in technology investment does not produce increase in productivity. However, although main reason for investments in IT was to increase productivity and efficacy in the 1990s, modern business has spawned many other reasons for these investments. Reasons have changed and investments in IT are today reflected in the organization's strategic planning for competitiveness and survival.. Ahmad & Arshad (2014) identified five major factors that describe the IT investment values to the organizations: financial, operational, organizational, strategic, and service values. Principally, the question of justification of IT investment as well as investment optimization is very interesting among both scholars and practitioners. To select the optimal technical and organizational control that will be implemented in order to ensure system availability, investment should meet at least one of two criteria:
- •
To bring measurable financial benefits. In the case of investment in IS security, benefit is measured through avoidance of potential losses.
- •
There is a demand of regulatory bodies for the introduction of specific systems and technologies.
To estimate the financial benefit, it is necessary to predict the potential damage that may result from the failure of IT systems. Various mathematical models based on historical data can be used for prediction of the potential losses resulting from operational risks (including the risks related to the use of IT which presents the majority of operational risk in retail banks). Such models generally predict losses incurred as a result of events with great frequency because there is sufficient historical data base. However, a major problem of models based on historical data is the lack of data on small frequency events with a great influence on the business. As an adequate alternative, models based on probability have been developed. Bayesian Belief Networks are used as a tool for modeling in the field of information security and operational risks. Therefore, this chapter will provide brief overview of the literature regarding economic viability of investments in IS availability as well as seven methods for optimization of IT investments: return on investment, return on security investment, cost/benefit analysis, analytic hierarchy process, game theory, real options analysis, value at security risk.
TopEconomic Viability Of Investments In Is Availability
Although a lot of work has been done on the economic viability of investments in information systems (Schniederjans, Hamaker, & Schniederjans, 2004; Hamaker, 2009; Bardhan & Sougstad, 2004; Serafeimidis, 1997; Kumar, 2004) and investment in security of information systems and thus indirectly the investment in system availability, few papers explicitly considered the economic viability of investments in system availability. Gordon & Loeb (2002) developed the first model to estimate the investment in information security as a basis for concluding that it is most profitable to invest in the protection and prevention of threats that have medium impact on the security of information.