Security is one of the most important issues in computer networks. A common view of networks security is based on technical measures. Cryptographic models, firewalls and intrusion detection models are implemented in every information framework of an organization. Although deployment of such technologies may reduce security vulnerabilities and losses from security breaches, it is not clear to organizations how much they must invest in information security. In this article, common approaches of economics in information security are introduced. From the perspective of an organization, security is an investment to be estimated as cost-saving due to reduced losses from security breaches. Besides that, any new ventures that are profitable for the organization and would not be implemented without security countermeasures need to be considered. Any organization should follow a risk-management strategy according to their needs. Organizations that over-protect their information infrastructure will have spent too much on information security. Respectively, those who under-protect their information infrastructure will suffer grater losses caused by security breaches.