This book explores the strategic decisions made by organizations when implementing cybersecurity controls, leveraging economic models and theories from the economics of information security and risk management frameworks.