Security Investment as Board Strategy: Pricing Protection on Both Sides of the Boom.
Beyond the Boom gave every security control two scores: TMP for preventing loss events, LMAP for limiting the damage when they happen. This sequel prices them, scenario by scenario: two closed-form Bayesian updates - one for how often loss events happen, one for what they cost - feeding a per-control return calculation, credited across every scenario a control covers, that a board risk committee can follow line by line. The board conversation shifts from whether security spend is justified to which priced option gets funded first - with the board owning the loss threshold, the price of tail risk, and the review cadence. An interactive calculator runs the method on your own numbers.




