The impact of malicious agents on the enterprise software industry

MIS Quarterly: Management Information Systems

Volumn 34, Issue SPEC. ISSUE 3, 2010, Pages 595-612

  Galbreth, Michael R ^a   Shor, Mikhael ^b  

^a UNIVERSITY OF SOUTH CAROLINA   (United States)

^b VANDERBILT UNIVERSITY   (United States)

Author keywords

Game theory; Information system security; Network externalities; Software selection

Indexed keywords

COMMERCE; COMPUTER SOFTWARE SELECTION AND EVALUATION; GAME THEORY; HORIZONTAL WELLS; INVESTMENTS; NETWORK SECURITY; SOFTWARE AGENTS;

COMPETITIVE MARKETS; INFORMATION SYSTEM SECURITY; MALICIOUS ACTIVITIES; NEGATIVE NETWORK EFFECTS; NETWORK EXTERNALITY; QUALITY DIFFERENTIATION; SOFTWARE PRODUCTS; SOFTWARE SELECTION;

ENTERPRISE SOFTWARE;

EID: 77957089023     PISSN: 02767783     EISSN: None     Source Type: Journal    
DOI: 10.2307/25750693     Document Type: Article

References (73)

1. Akerlof, G. A. 1970. "The Market for 'Lemons': Quality Uncertainty and the Market Mechanism," The Quarterly Journal of Economics (84:3), pp. 488-500.
2. st Annual Reliability and Maintainability Symposium, Alexandria, VA, January 24-27, pp. 615-620.
3. th International Symposium on Software Reliability Engineering, Raleigh, NC, November 7-10, pp. 343-352.
4. nd ed.), New York: Wiley Publishing.
5. Anderson, R., Moore, T., Nagaraja, S., and Ozment, A. 2007. "Incentives and Information Security," Algorithmic Game Theory, in N. Nisan, T. Roughgarden, E. Tardos and V. V. Vazirani (eds.), New York: Cambridge University Press, pp. 633-650.
6. Anderson, S. P. 2008. "Product Differentiation," The New Palgrave Dictionary of Economics Online, S. Durlauf and L. Blume (eds.), London: Palgrave Macmillan (http://www.dictionaryofeconomics.com/article?id=pde2008- P000201)
7. Arora, A., Caulkins, J. P., and Telang, R. 2006. "Sell First, Fix Later: Impact of Patching on Software Quality," Management Science (52:3), pp. 465-471.
8. Arora, A., Nandkumar, A., Krishnan, R., Telang, R., and Yang, Y. 2004. "Impact of Vulnerability Disclosure and Patch Availability: An Empirical Analysis," paper presented at the Workshop on Economics and Information Security, Minneapolis, MN, May 13-14.
9. Arora, A., Telang, R., and Xu, H. 2008. "Optimal Policy for Software Vvulnerability Disclosure," Management Science (54:4), pp. 642-656.
10. Asvanund, A., Clay, K., Krishnan, R., and Smith, M. 2004. "An Empirical Analysis of Network Externalities in Peer-to-Peer Music Sharing Networks," Information Systems Research (15:2), pp. 155-174.
11. August, T., and Tunca, T. I. 2006. "Network Software Security and User Incentives," Management Science (52:11), pp. 1703-1720.
12. August, T., and Tunca, T. I. 2008. "Let the Pirates Patch? An Economic Analysis of Software Security Patch Restrictions," Information Systems Research (19:1), pp. 48-70.
13. Berghel, H. 2003. "Malware Month," Communications of the ACM (46:12), pp. 15-19.
14. Berry, S., Levinsohn, J., and Pakes, A. 1995. "Automobile Prices in Market Equilibrium," Econometrica (63:4), pp. 841-890.
15. Blakley, B. 2002. "The Measure of Information Security Is Dollars," paper presented at the Workshop on Economics and Information Security, Berkeley, CA, May 16-17.
16. Bohme, R., and Kataria, G. 2006. "On the Limits of Cyber-Insurance," in Trust, Privacy and Security in Digital Business, S. Fischer-Huebner, S. Furnell and C. Lambrinoudakis (eds.), Berlin: Springer Verlag, pp. 31-40.
17. Brynjolfsson, E., and Kemerer, C. F. 1996. "Network Externalities in Microcomputer Software: An Econometric Analysis of the Spreadsheet Market," Management Science (42:12), pp. 1627-1647.
18. Cavusoglu, H., Cavusoglu, H., and Raghunathan, S. 2007. "Efficiency of Vulnerability Disclosure Mechanisms to Disseminate Vulnerability Knowledge," IEEE Transactions on Software Engineering (33:3), pp. 171-185.
19. Cavusoglu, H., Cavusoglu, H., and Zhang, J. 2008. "Security Patch Management: Share the Burden or Share the Damage?," Management Science (54:4), pp. 657-670.
20. Cavusoglu, H., Mishra, B., and Raghunathan, S. 2004. "The Effect of Internet Security Breach Announcements on Market Value: Capital Market Reactions for Breached Firms and Internet Security Developers," International Journal of Electronic Commerce (9:4), pp. 69-105.
21. Cavusoglu, H., Mishra, B., and Raghunathan, S. 2005. "The Value of Intrusion Detection Systems in Information Technology Security Architecture,"Information Systems Research (16:1), pp. 28-46.
22. Cavusoglu, H., and Raghunathan, S. 2004. "Configuration of Detection Software: A Comparison of Decision and Game Theory Approaches," Decision Analysis (1:3), pp. 131-148.
23. Cherian, J. 2007. "Mozilla's Firefox Browser Gaining in Popularity Among U.S. Small-to-Medium Businesses," All Headline News, March 9 (accessed March 26, 2007
24. Choi, J. P., Fershtman, C., and Gandal, N. 2005. "Internet Security, Vulnerability, and Software Provision," paper presented at the Workshop on Economics and Information Security, Cambridge, MA, June 2-3.
25. Consumer Reports. 2005. "Net Threat Rising," Consumer Reports, September, pp. 12-15.
26. Cremonini, M., and Nizovtsez, D. 2006. "Understanding and Influencing Attackers Decisions: Implications for Security Investment Strategies," paper presented at the Workshop on Economics and Information Security, Cambridge, UK, June 26-28.
27. Datamonitor. 2005. "Global Application Software" (http://www.datamonitor.com/)
28. DeFelice, A. 2006. "Firefox a Growing Target for Hackers, Linux Insider, August 1 (available at http://www.linuxinsider.com/story/52152.html; accessed September 6, 2009).
29. Dinev, T., and Hart, P. 2006. "An Extended Privacy Calculus Model for E-commerce Transactions," Information Systems Research (17:1), pp. 61-80. (Pubitemid 43450179)
30. Evers, J. 2004. "'Internet Explorer Loses Market Share," Info World, November 2 (available at www.infoworld.com/article/04/11/02/HNielosing-1. html; accessed September 6, 2009).
31. Farrell, J., and Saloner, G. 1985. "Standardization, Compatability and Innovation," RAND Journal of Economics (76:5), pp. 940-955.
32. Gal-Or, E., and Ghose, A. 2005. "The Economic Incentives for Sharing Security Information," Information Systems Research (16:2), pp. 186-208.
33. Galbreth, M. R., March, S. T., Scudder, G. D., and Shor, M. 2005. "A Game-Theoretic Model of E-Marketplace Participation Growth," Journal of Management Information Systems (22:1), pp. 295-319.
34. Gordon, L. A., and Loeb, M. P. 2002. "The Economics of Information Security Investment," ACM Transactions on Information and System Security (5:4), pp. 438-457.
35. Grow, B., and Bush, J. 2005. "Hacker Hunters," Business Week, May 30, pp. 74-82.
36. Hackner, J., and Nyberg, S. 1996. "Vanity and Congestion: A Study of Reciprocal Externalities," Economica (63:249), pp. 97-111.
37. Hauser, J. R., and Rao, V. 2004. "Conjoint Analysis, Related Modeling, and Applications," in Advances in Market Research and Modeling: Progress and Prospects, J. Wind and P. Green (eds.), New York: Kluwer Academic Publishers, pp. 141-168.
38. Hotelling, H. 1929. "Stability in Competition," Economic Journal (39:1), pp. 41-57.
39. Katz, M. L., and Shapiro, C. 1985. "Network Externalities, Competition, and Compatability," American Economic Review (75:3), pp. 424-440.
40. Lee, I. H., and Mason, R. 2001. "Market Structure in Congestible Markets," European Economic Review (45:4-6), pp. 809-818.
41. Li, X. 2004. "Information Cascades in IT Adoption," Communications of the ACM (47:4), pp. 93-97.
42. Linn, J. 2005. "Technology and Web User Data Privacy," IEEE Security and Privacy (3:5), pp. 52-58.
43. Loch, K. D., Carr, H. H., and Warkentin, M. E. 1992. "Threats to Information Systems: Today's Reality, Yesterday's Understanding," MIS Quarterly (16:2), pp. 173-186.
44. MacKie-Mason, J. K., and Varian, H. 1994. "Economics FAQs About the Internet," Journal of Economic Perspectives (8:3), pp. 75-96.
45. Maxcer, C. 2007. "Gates' Mac Attack: Fact vs. Fiction," Mac News World, March 1 (available at http://www.macnewsworld.com/story/56017.html; accessed September 6, 2009).
46. McFadden, D. 1986. "The Choice Theory Approach to Market Research," Marketing Science (5:4), pp. 275-297.
47. McHugh, J. A., Christie, A., and Allen, J. 2000. "Defending Yourself: The Role of Intrusion Detection Systems," IEEE Software (17:5), pp. 42-51.
48. Moorthy, K. S. 1988. "Product and Price Competition in a Duopoly," Marketing Science (7:2), pp. 141-168.
49. Mossberg, W. 2009. "In Browser Wars, the New Firefox Loses Some Edge," Wall Street Journal, July 16, Section D, p. 1.
50. Nadiminti, R., Mukhopadhyay, T., and Kriebel, C. H. 2002. "Research Report: Intrafirm Resource Allocation with Asymmetric Information and Negative Externalities," Information Systems Research (13:4), pp. 428-434.
51. Parker, G. G., and VanAlstyne, M. W. 2005. "Two-Sided Network Effects: A Theory of Information Product Design," Management Science (51:10), pp. 1494-1504.
52. Rescorla, E. 2005. "Is Finding Security Holes a Good Idea?," IEEE Security and Privacy (3:5), pp. 14-19.
53. Riggins, F. J., Kriebel, C. H., and Mukhopadhyay, T. 1994. "The Growth of Interorganizational Systems in the Presence of Network Externalities," Management Science (40:8), pp. 984-998.
54. Sahay, B. S., and Gupta, A. K. 2003. "Development of Software Selection Criteria for Supply Chain Solutions," Industrial Management and Data Systems (103:2), pp. 97-110.
55. SANS. 2007. "SANS Top-20 2007 Security Risks," SANS Institute (available at http://www.sans.org/top20/2007/; accessed April 1, 2010).
56. Scotchmer, S. 1985. "Profit Maximizing Clubs," Journal of Public Economics (27:1), pp. 25-45.
57. Shaked, A., and Sutton, J. 1982. "Relaxing Price Competition Through Product Differentiation," The Review of Economic Studies (49:1), pp. 3-13.
58. Soo Hoo, K. J. 2000. "How Much Is Enough? A Risk-Management Approach to Computer Security," working paper, Consortium for Research on Information Security and Policy, Stanford University (available at http://pointy.stanford.edu/pubs/11900/soohoo.pdf; accessed April 1, 2010).
59. Straub, D. W. 1990. "Effective IS Security: An Empirical Study," Information Systems Research (1:3), pp. 255-276.
60. Sullivan, D. 2006. "Viruses, Worms and Blended Threats," Chapter 3 in The Definitive Guide to Controlling Malware, Spyware, Phishing, and Spam, realtimepublishers.com (available at http://nexus.realtimepublishers.com/ dgcmsps.php).
61. Symantec. 2005. "Internet Security Threat Report: Trends for January 05-June 05," Symantec Corporation, Cupertino, CA, September (available at http://eval.symantec.com/mktginfo/enterprise/white-papers/ent-whitepaper- symantec-internet-security-threat-report-viii.pdf).
62. Tam, K. Y., and Hui, K. L. 2001. "A Choice Model for the Selection of Computer Vendors and its Empirical Estimation," Journal of Management Information Systems (17:4), pp. 97-124.
63. Tiebout, C. M. 1956. "A Pure Theory of Local Public Expenditures," Journal of Political Economy (64:5), pp. 416-424.
64. Umble, E. J., Haft, R. R., and Umble, M. M. 2003. "Enterprise Resource Planning: Implementation Procedures and Critical Success Factors," European Journal of Operational Research (146), pp. 241-257.
65. Van Dender, K. 2002. "Nash-Bertrand Competition in a Duopoly with Congestion," working paper, Department of Economics, University of California, Irvine online at http://www.economics.uci.edu/docs/2002-03/ VanDender-01.pdf
66. van Everdingen, Y., van Hillegersberg, J., and Waarts, E. 2000. "ERP Adoption by European Midsize Compaines," Communications of the ACM (43:4), pp. 27-31.
67. Varian, H. 2004. "System Reliability and Free Riding,"in Economics of Information Security, in L. J. Camp and S. Lewis (eds.), New York: Springer, pp. 1-15.
68. Walker, J., Pan, E., Johnston, D., Adler-Milstein, J., Bates, D. W., and Middleton, B. 2005. "The Value of Health Care Information Exchange and Interoperability," Health Affairs, January 19, pp. W510-W518.
69. Wang, E. T. G., and Seidmann, A. 1995. "Electronic Data Interchange: Competitive Externalities and Strategic Implementation Policies," Management Science (41:3), pp. 401-418.
70. Westland, J. C. 1992. "Congestion and Network Externalities in the Short Run Pricing of Information Systems Services," Management Science (38:6), pp. 992-1009.
71. Wingfield, N. 2006. "'Worms' Turn on Apple Macs, Bigger Target as Sales Boom," Wall Street Journal, February 27, Section B, pp. 1-3.
72. th IASTED International Conference on Computational and Systems Biology, Dallas, TX, November 13-15, pp. 172-177 (available at http://www.cs.colostate.edu/-malaiya/pub/wooSEA-2006.pdf).
73. Yuan, L. 2006. "Hackers Learn to Think Like the Enemy," Wall Street Journal, March 23, Section B, pp. 3.