The article by Noel et al (July 2010) presents an application of financial risk management methodology to modeling information systems security risk. The proposed framework is well-grounded in established industry practices, as well as robust statistical models. Noel et al achieve a plausible decision-support metric for organizational systems security investment options, taking into account budget constraints and variable complexity. Such analysis would be a valuable complement within the systems development framework, as long as model sensitivity to quality of input variable estimates is kept in consideration. A comparison of Monte Carlo methodology results with existing System Security risk models would be interesting, as part of further research.