Information technology (IT) security has emerged as an important issue in e-commerce. Firms typically employ multiple security technologies such as firewalls and intrusion detection systems (IDS) to secure their IT systems. An assessment of the value of these technologies is crucial for firms to design the optimal architecture. Such assessments are also useful to security technology developers in focusing their design efforts. We describe in this report our ongoing research in economic modeling of IT security management. Specifically we describe the technologies used in a typical IT security architecture, a game theoretical model of the significant aspects of the architecture, preliminary analysis of the model, and our current and future work. Our research, when completed, will yield guidelines that will help security technology deployment firms make their investment decisions and security technology developers make their design decisions.