Investment Decision on Information System Security: A Scenario Approach

Authors

  • C. Derrick Huang
  • Jahyun Goo
Abstract

This paper presents scenarios of information security—defending against directed security threats, a risk-averse firm’s willingness to invest, and an attacker’s propensity to security measures—each enhancing our understanding of a firm’s information security investment under different circumstances. We find that, when a firm tries to defend against directed attacks, the relative size of potential losses is an important factor in determining the level of optimal investment, and the total investment may drop when the system vulnerability is high. A firm should also carefully weigh its own and the potential attacker’s levels of risk aversion in order to determine the optimal level of information security investment. The implications, limitations, and future directions of this research are also discussed.

Similar resources

Development of decision support tool for municipal solid waste management system in Iran based on life cycle assessment approach

Background and Objective: Various aspects, including the environmental burdens and the social and economic consequences of waste management (WM) scenarios, must be considered to come up with a comprehensive WM plan. The Life Cycle Assessment (LCA) approach is a systematic method to quantify the environmental burdens of each WM scenario. Materials and Methods: This study used an LCA approach to develop a...

Futurology of Multi-Criteria Decision Making Techniques Using Philosophical Assumptions of Paradigms in Scenario Writing

There are many opportunities and threats in the decision-making environment for managers, and an organization must use research and information systems to change, monitor, and anticipate this environment. Futurism reflects how tomorrow reality gives birth to tomorrow's reality is. The purpose of this research; Analyzing the role of futures studies in the existing patterns of critical factors of...

Fixed Costs, Investment Rigidities, and Risk Aversion in Information Security: A Utility-theoretic Approach

This paper addresses the question of determining the optimal timing of interventions in information security management. Using utility theory, we derive the limiting condition under which, given a potential or realized risk, a decision to invest, delay, or abandon can be justified. Our primary focus is on the decision to defer costly deterministic investments, such as the removal of a service o...

Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach

Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...

Evaluation of trade and production policy in Iranian SME (a system dynamics model)

It is undeniable that SMEs face many management-related problems. These problems are often deeply rooted in the strategic decision making by managers. One of these decisions is associated with the production section. Many of these companies provide production infrastructure at high costs; however, they are unsuccessful in acquiring their market share. In these circumstances, providing a solutio...

Publication date: 2009