The article presents research on risk management related to computer network security in management information systems. A queuing model is presented to quantify the downtown loss faced by a network in a security attack and compare it to the costs of investment in computer security technologies, diversification of computer software to limit the risk of coordinated failure and investment in information technology to repair failures. Situations under which the strategy of diversification of computer software are financially advantageous are discussed.