With powerful regulations surrounding security and privacy of information, the authors attempt to identify challenges valuing information security investments. The authors examine three primary approaches to measuring information value: Perceived, Real, and Normative. Literature is reviewed and the approaches are examined in terms of their strengths and weaknesses in providing value measurements for secure information systems. A framework is presented to suggest at what level in an organization and in what situations these information value approaches are most suitable
