Managerial flexibility and competitive interaction in investment decisions : a discrete-time agency theoretic perspective

JEL Classification System: C70; G31; G32.This work intends to incorporate into a unified perspective three different fields of corporate finance: the managerial flexibility present in investment projects through the so-called real options models; the existence of agency costs as a result of financing strategies that rely in a mix between equity and debt; the existence of competition between firms, in non-purely competitive markets, through game theory. The aim of this work is to produce an integrated perspective of analysis that constitutes a value added to the literature, bringing new angles of approach to these issues. Indeed, to date, the link between these different aspects that affect managerial decisions in competitive markets is not yet established in a unified point of view. As such, we believe that the connection established in the present research may contribute to an improved understanding of that decision-making process. The work comprises two fundamental components. First, a theoretical review of concepts and latest developments in each of the different themes which are later combined. After such review, a discrete-time model that makes the connection between these theories is developed. Such model departs from the analysis of Mauer and Ott (2000) and Smit and Trigeorgis (2004). Afterwards, a numerical simulation is performed and the findings from such analysis are described. The results, from the simulation performed show that the existence of competition in non-purely competitive markets does produce a significant impact in managerial decisions.Este trabalho pretende incorporar numa perspectiva unificada três diferentes temáticas das finanças empresariais: a flexibilidade operacional presente em projectos de investimento através dos denominados modelos de opções reais; a existência de custos de agência em consequência de estratégias de financiamento que recorrem a capitais próprios e a capitais alheios; a concorrência entre empresas, em mercados não puramente concorrenciais, analisada através da teoria de jogos. Pretende-se com este trabalho trazer uma perspectiva integradora de análise que constitua uma mais valia para a literatura e que permite trazer novos prismas de abordagem a estas questões. Com efeito, até ao presente, a ligação entre estes diferentes aspectos, que afectam a tomada de decisões empresariais em mercados concorrenciais, ainda não se encontra estabelecida de uma forma unificada. Como tal, julgamos que a ligação aqui estabelecida pode contribuir para uma melhoria na compreensão dessa mesma tomada de decisões. O trabalho desenvolvido inicia-se com uma revisão teórica dos principais conceitos e desenvolvimentos mais recentes em opções reais, teoria da agência e teoria dos jogos. A seguir, desenvolve-se um modelo a tempo discreto que unifica essas mesmas teorias. Tal modelo desenvolve-se a partir da análise de Mauer e Ott (2000) e da de Smit e Trigeorgis (2004). Posteriormente, procede-se a uma simulação e apresenta-se as conclusões da análise realizada. Os resultados encontrados demonstram que, na simulação realizada a existência de concorrência em mercados não puramente competitivos produz impactos significativos na tomada de decisões empresariais

A Survey of Interdependent Information Security Games

Risks faced by information system operators and users are not only determined by their own security posture, but are also heavily affected by the security-related decisions of others. This interdependence between information system operators and users is a fundamental property that shapes the efficiency of security defense solutions. Game theory is the most appropriate method to model the strategic interactions between these participants. In this survey, we summarize game-theoretic interdependence models, characterize the emerging security inefficiencies, and present mechanisms to improve the security decisions of the participants. We focus our attention on games with interdependent defenders and do not discuss two-player attackerdefender games. Our goal is to distill the main insights from the state-of-the-art and to identify the areas that need more attention from the research community

Interdependent Defense Games with Applications to Internet Security at the Level of Autonomous Systems

We propose interdependent defense (IDD) games, a computational game-theoretic framework to study aspects of the interdependence of risk and security in multi-agent systems under deliberate external attacks. Our model builds upon interdependent security (IDS) games, a model by Heal and Kunreuther that considers the source of the risk to be the result of a fixed randomized-strategy. We adapt IDS games to model the attacker’s deliberate behavior. We define the attacker’s pure-strategy space and utility function and derive appropriate cost functions for the defenders. We provide a complete characterization of mixed-strategy Nash equilibria (MSNE), and design a simple polynomial-time algorithm for computing all of them for an important subclass of IDD games. We also show that an efficient algorithm to determine whether some attacker’s strategy can be a part of an MSNE in an instance of IDD games is unlikely to exist. Yet, we provide a dynamic programming (DP) algorithm to compute an approximate MSNE when the graph/network structure of the game is a directed tree with a single source. We also show that the DP algorithm is a fully polynomial-time approximation scheme. In addition, we propose a generator of random instances of IDD games based on the real-world Internet-derived graph at the level of autonomous systems (≈27 K nodes and ≈100 K edges as measured in March 2010 by the DIMES project). We call such games Internet games. We introduce and empirically evaluate two heuristics from the literature on learning-in-games, best-response gradient dynamics (BRGD) and smooth best-response dynamics (SBRD), to compute an approximate MSNE in IDD games with arbitrary graph structures, such as randomly-generated instances of Internet games. In general, preliminary experiments applying our proposed heuristics are promising. Our experiments show that, while BRGD is a useful technique for the case of Internet games up to certain approximation level, SBRD is more efficient and provides better approximations than BRGD. Finally, we discuss several extensions, future work, and open problems

Model-Based Support for Information Technology Security Decision Making

With the increase in the number and diversity of attacks, a main concern for organizations is to keep their network and systems secure. Existing frameworks to manage Information Technology (IT) security include empirical evaluations, security risk assessments, cost-benefit analyses, and adversary-based evaluations. These techniques are often not easy to apply and their results are usually difficult to convey. This dissertation presents a model to help reasoning about security and to support communication between IT security experts and managers. The model identifies major components of security: threat, user, organization, asset, and emphasizes the human element. Characteristics for each component are determined and cover the attacker's motivations, the user's risk perception, the IT security team expertise, and the depth of protection of the asset. These characteristics are linked through causal influences that can represent positive or negative relationships and be leveraged to rank alternatives through a set of weights. The described formalism allows IT security officers to brainstorm about IT security issues, to evaluate the impacts of alternative solutions on characteristics of security, and ultimately on the level of security, and to communicate their findings to managers. The contributions of this dissertation are three-fold. First, we introduce an approach to develop and validate a model for IT security decision making, given known issues related to this task: difficulties in sharing security data, lack of accepted security metrics, limitation in available information and use of experts. We propose a development and validation process that relies on two sources of information: experts and data. Second, we provide the results of the model development for academic environments. The resulting model is based on extended discussions with the Director of Security at the University of Maryland (UMD), two interviewed experts, fifteen surveyed experts, and empirical data collected at UMD. Finally, we demonstrate the use of the model to justify IT security decisions and present methodological steps towards measuring various characteristics of the model

The economics of mandatory security breach reporting to authorities

Legislators in many countries enact security breach notification regulation to address a lack of information security. The laws designate authorities to collect breach reports and advise firms. We devise a principal–agent model to analyze the economic effect of mandatory security breach reporting to authorities. The model assumes that firms (agents) have few incentives to unilaterally report breaches. To enforce the law, regulators (principals) can introduce security audits and sanction noncompliance. However, audits cannot differentiate between concealment and nescience of the agents. Even under optimistic assumptions regarding the effectiveness of mandatory security breach reporting to authorities in reducing individual losses, our model predicts that it may be difficult to adjust the sanction level such that breach notification laws generate social benefit

Economic Analysis of International Law

The topics covered in this volume range from classics of the on-going discussion on the economic analysis of international law – such as the issue of legitimacy of customary international law – to more recent topics such as internet privacy, private military contractors, the fight against piracy, the International Criminal Court and the highly topical issue of land grabbing

Researching Non-state Actors in International Security

This volume provides researchers and students with a discussion of a broad range of methods and their practical application to the study of non-state actors in international security. All researchers face the same challenge, not only must they identify a suitable method for analysing their research question, they must also apply it. This volume prepares students and scholars for the key challenges they confront when using social-science methods in their own research. To bridge the gap between knowing methods and actually employing them, the book not only introduces a broad range of interpretive and explanatory methods, it also discusses their practical application. Contributors reflect on how they have used methods, or combinations of methods, such as narrative analysis, interviews, qualitative comparative analysis (QCA), case studies, experiments or participant observation in their own research on non-state actors in international security. Moreover, experts on the relevant methods discuss these applications as well as the merits and limitations of the various methods in use. Research on non-state actors in international security provides ample challenges and opportunities to probe different methodological approaches. It is thus particularly instructive for students and scholars seeking insights on how to best use particular methods for their research projects in International Relations (IR), security studies and neighbouring disciplines. It also offers an innovative laboratory for developing new research techniques and engaging in unconventional combinations of methods. This book will be of much interest to students of non-state security actors such as private military and security companies, research methods, security studies and International Relations in general

Planning and Evaluation of Information Security Investments

This thesis provides a theory-based understanding of information security investments within organizations concentrating on organizational planning and evaluation of information security investments. The underlying framework is the Cyber Security Investment Framework of Rowe and Gallaher (2006). This work is structured as follows: In Part I, the dissertation is motivated and the theory to frame this research is described in detail. Subsequently, in Part II, the publications which comprise this thesis are presented. Finally, in Part III, the fi�ndings of this dissertation are discussed