mechanism for organizations to use in risk evaluations, depending on the size and expertise of the organization: . The study of computer security as an investment in risk avoidance has become standard practice.

In 2001, in an unrelated development, Lawrence A. Gordon and Martin P. Loeb published . A working paper of the published article was written in 2000. These professors, from Maryland's Smith School of Business, present a game-theoretic