Justification of investments in information security: an interpretation of the Black–Scholes formula
| Date: | 2025 |
|---|---|
| Authors: | , |
| Format: | Article |
| Language: | English |
| Published: | State Scientific and Technical Center for Nuclear and Radiation Safety, 2025 |
| Online access: | https://nuclear-journal.com/index.php/journal/article/view/1277 |
| Journal title: | Nuclear and Radiation Safety |

Repositories:
Nuclear and Radiation Safety

Summary: The article addresses the task of quantitatively determining and rationally justifying the volume of investment required to ensure the information security of nuclear energy facilities. As a methodological foundation, it proposes an interpretation of the Black–Scholes formula applicable to a broad class of socio-technical systems – ranging from critical infrastructure facilities, organisations, and commercial enterprises to regional communities, nation-states, and supranational entities. Budgetary allocations for protective measures that constrain the critical threshold of admissible losses under the conditions of information security risk are conceptualised as the equivalent of the fair value of a put option.
The relevance of this task stems from the absence of a scientifically formalised mechanism for assessing cybersecurity expenditure – one that would be equally comprehensible to domain-specific experts and strategic-level decision-makers responsible for navigating uncertainty in investment contexts.
The transposition of option logic from the domain of financial analysis into the field of information security constitutes not merely a methodological borrowing, but an interdisciplinary expansion of the categorical apparatus of risk governance. Within this logic, a formalised interrelation is established between the value-related characteristics of the asset, the stochastic dynamics of threats, the threshold levels of potential loss, and the temporal parameters of budgetary planning – thereby yielding a reproducible metric for the adoption of scientifically grounded managerial decisions.
An illustrative example demonstrates the applicability of the proposed approach within the traditional risk-oriented paradigm of information security management, which rests upon the assumption of the potential predictability of threats. Within the boundaries of this paradigm, the approach may serve as a foundation for enhancing the scientific validity of strategic planning procedures related to information security measures. The results obtained may inform the development of specialised decision-support instruments, as well as the formulation of regulatory and methodological frameworks for budgeting and investment governance in the field of information security.