Information Security Investment: Expected Utility Approach with Correlated Information Assets
نویسندگان
چکیده
This paper analyzes the information security investment decisions by a firm with two correlated information assets. When information assets are correlated, a firm may face additional losses compared to a loss from a single breach, and the probability of security breach on one set may increase the probability on the other. We model the security investment of a risk-taking firm as well as risk-neutral firm by taking an expected utility approach. We then compare the decisions made by a risk-taking firm to those made by a risk-neutral firm. We will also examine how decision maker allocates funds in protecting two information sets with a limited budget.
منابع مشابه
Insurer Optimal Asset Allocation in a Small and Closed Economy: The Case of Iran’s Social Security Organization
We seek to determine the optimal amount of the insurer’s investment in all types of assets for a small and closed economy. The goal is to detect the implications and contributions the risk seeker and risk aversion insurer commonly make and the effectiveness in the investment decision. Also, finding the optimum portfolio for each is the main goal of the present study. To this end, we adopted the...
متن کاملInformation Security Investment with Different Information Types: A Two-Firm Analysis
We analyze information security investment decisions by two firms that possess imperfectly substitutable information assets. Information assets are imperfectly substitutable if information at each firm is valuable and becomes more valuable when combined. When compared to optimal investment decisions made by a central planner, we find diametrically opposite results in the case where these decisi...
متن کاملTowards a standard approach for quantifying an ICT security investment
The rise of the potential risks from different attacks on ICT systems means the investment in security technology is growing and is becoming a serious economic issue for many organizations. The assessment of the appropriate investment that is economically affordable and provides enough protection for the enterprise information system is an issue that is analysed here. The paper discusses the id...
متن کاملInformation Security Investment Strategies in Supply Chain Firms: Interplay Between Breach Propagation, Shared Information Assets and Chain Topology
Firms in a supply chain share information assets among them, and make use of inter-firm network connections to enable quick information sharing. Both of these approaches have significant implications when a security breach occurs. One, the interconnections may become conduits for security breach propagation. Two, shared information assets now become vulnerable at the owner as well as at the par...
متن کاملFraming Information Security Budget Requests to Maximize Investments
Nearly one in three security practitioners believe that the organization they work for under-funds information security efforts. Rational choice and economic models have been developed to help decision makers determine the optimal amount they should spend to protect a set of information assets. These models presume investment decisions are rationally made, despite long-standing behavioral and d...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2015