Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints

International Journal of Production Economics

Volumn 141, Issue 1, 2013, Pages 255-268

  Huang, C Derrick ^a   Behara, Ravi S ^a  

^a FLORIDA ATLANTIC UNIVERSITY   (United States)

Author keywords

Budget allocation; Cost benefit analysis; Information security; Investment analysis; Scale free network

Indexed keywords

ANALYTIC MODELS; BREACH PROBABILITY; BUDGET ALLOCATION; BUDGET CONSTRAINT; ECONOMICS OF INFORMATION; FIXED BUDGET; INFORMATION SECURITY INVESTMENT; INVESTMENT ANALYSIS; POTENTIAL LOSS; SCALE FREE NETWORKS; SECURITY ATTACKS; SECURITY BREACHES; SECURITY BUDGET; SECURITY INVESTMENTS;

BUDGET CONTROL; COST BENEFIT ANALYSIS; ECONOMICS; INDUSTRY; NUMERICAL ANALYSIS; RISK ASSESSMENT; SECURITY OF DATA;

INVESTMENTS;

EID: 84869508852     PISSN: 09255273     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.ijpe.2012.06.022     Document Type: Article

References (50)

1. R. Albert, H. Jeong, and A.L. Barabási Diameter of the world-wide web Nature 401 1999 130 131
2. R. Albert, H. Jeong, and A.L. Barabási Error and attack tolerance of complex networks Nature 406 2000 378 382
3. D. Alderson, L. Li, W. Wallinger, and J.C. Doyle Understanding Internet topology: principles, models, and validation IEEE/ACM Transactions on Networking 13 6 2005 1205 1218
4. S. Alter, and S. Sherer A general, but readily adaptable model of information system risk Communications of the AIS 14 1 2004 1 28
5. R. Anderson, and T. Moore The economics of information security Science 314 2006 610 613
6. A. Arora, D. Hall, C.A. Pinto, D. Ramsey, and R. Telang Measuring the risk-based value of IT security solutions IEEE IT Professional 6 6 2004 35 42
7. A.L. Barabási, and R. Albert Emergence of scaling in random networks Science 286 1999 509 512
8. R.S. Behara, and S. Bhattacharya Process-Centric Risk Management Framework for Information Security H. Chen, T.S. Raghu, R. Ramesh, A. Vinze, D. Zeng, National Security 349-366 2007 Elsevier The Netherlands
9. S. Bellovin Computer security: an end state? Communications of ACM 44 3 2001 131 132
10. N.G. Carr It doesn't matter Harvard Business Review 81 5 2003 41 49
11. E. Casey Determining Intent - Opportunistic vs. Targeted Attacks Computer Fraud & Security 4 2003 8 11
12. H. Cavusoglu, and S. Raghunathan Configuration of intrusion detection systems: a comparison of decision and game theoretic approaches INFORMS Journal of Decision Analysis 1 3 2004 131 148
13. H. Cavusoglu, B. Mishra, and S. Raghunathan A model for evaluating IT security investments Communications of ACM 47 7 2004 87 92
14. H. Cavusoglu, B. Mishra, and S. Raghunathan The value of intrusion detection systems in information technology security architecture Information Systems Research 16 1 2005 28 46
15. D.B. Chang, and C.S. Young Infection dynamics on the internet Computer Security 24 2005 280 286
16. Collins, M.; Gates, C.; Kataria, G.; 2006. A model for opportunistic network exploits: the case of P2P worms. In: Fifth Workshop on Economics of Information Security, Cambridge, England.
17. Cremonini, D.; Nizovtsev, M.; 2006. Understanding and influencing attackers' decisions: implications for security investment strategies. In: Fifth Workshop on Economics of Information Security, Cambridge, England.
18. CERT, 2007. Overconfidence is Pervasive Amongst Security Professionals, E-Crime Watch Survey by CSO Magazine, CERT, and U.S. Secret Service.
19. N. Dhanjani Hacking: The Next Generation 2009 O'Reiley Media
20. M. Faloutsos, P. Faloutsos, and C. Faloutsos On power-law relationships of the internet topology ACM SIGCOMM Computer and Communications Review 29 4 1999 251 262
21. S. Goel, and V. Chen Can business process reengineering lead to security vulnerability: analyzing the reengineered process International Journal of Production Economics 115 1 2008 104 112
22. L.A. Gordon, and M.P. Loeb The economics of information security investment ACM Transactions on Information Systems Security 5 4 2002 438 457
23. C. Griffin, and R. Brooks A note on the spread of worms in scale-free networks IEEE Transactions on Systems, Man, Cybernetics B 36 1 2006 198 202
24. T. Gross, C.J.D. D'Lima, and B. Blasius Epidemic dynamics on an adaptive network Physical Review Letters 96 20 2006 2087011
25. K. Hauske Returns to information security investment: the effect of alternative information security breach functions on optima investment and sensitivity to vulnerability Information Systems Frontier 8 2006 338 349
26. X. Li Preemptive learning, competency traps, and information technology adoption: a real options analysis IEEE Transactions on Engineering Management 56 4 2009 650 662
27. C.D. Huang, R.S. Behara, and Q. Hu An economic analysis of the optimal information security investment in the case of a risk-averse firm International Journal of Production Economics 114 2 2008 793 804
28. C.D. Huang, R.S. Behara, and Q. Hu Managing risk propagation in extended enterprise networks IEEE IT Professional 10 4 2008 14 19
29. K. Karr The State of information security spending Forrester Research 4 2006
30. Kaufman, R.; Li, X.; 2005. Technology competition and optimal investment timing: a real options perspective. IEEE Transaction on Engineering Management 52 (1), 15-29.
31. H. Khamooshi, and D.F. Cioffi Program risk contingency budget planning IEEE Transactions on Engineering Management 56 1 2009 171 179
32. Kumar, R.; Raghavan, P.; Rajagopalan, S.; Sivakumar, D.; Tomkins, A.; Upfal, E.; 2000. The web as a graph. In: Proceedings of 19th ACM Symposium of Principles of Database Systems, Dallas, Texas, 1-10.
33. R.L. Kumar, S. Park, and C. Subramaniam Understanding the value of countermeasure portfolios in information systems security Journal of Management Information Systems 25 2 2008 241 279
34. Y.C. Lai, Z. Liu, and N. Ye Infection dynamics on growing networks International Journal of Modern Physics B 17 22/23/24 2003 4045 4061
35. R.T. Mercuri Analyzing security costs Communications of ACM 46 6 2003 15 18
36. J. Mirkovic, and P. Reiher A taxonomy of DDoS attack and DDoS defense mechanism ACM SIGCOMM Computer and Communications Review 34 2 2004 39 53
37. S. Nagaraja, and R. Anderson The Topology of Covert Conflict, Computer Laboratory Technical Report UCAM-CL-TR-637 2005 University of Cambridge
38. Ogut, H.; Menon, N.; Raghunathan, S.; 2005. Cyber insurance and IT security investment: impact of interdependent risk. In: Fourth Workshop on Economics of Information Security, Cambridge, MA.
39. R. Pastor-Satorras, and A. Vespignani Epidemic spreading in scale-free networks Physical Review Letters 86 14 2001 3200 3203
40. J. Poff What's really happening in IT security? InterBusiness Issues 2009
41. Ponemon Institute, 2009. 2008 Annual Study: Cost of Data Breach. PGP Corporation.
42. Richardson, R.; 2009. 2008 CSI Computer Crime & Security Survey. Computer Security Institute.
43. S.E. Schechter Towards econometric models of the security risk from remote attacks IEEE Security & Privacy 3 1 2005 40 44
44. M.M. Telo da Gama, and A. Nunes Epidemics in small world networks European Physics Journal B 50 2006 205 208
45. Verizon, 2011. Data Breach Investigations Report.
46. Vijaya, Jaikumar, 2011. Epsilon a Victim of Spear-Phishing Attack, Says Report. Computer World, April 7.
47. W. Wallinger, R. Govindan, S. Jamin, V. Paxson, and S. Shenker Scaling phenomena in the internet: critically examining criticality Proceedings of National Academy of Science 99 1 2000 2573 2580
48. D.J. Watts Small worlds: the dynamics of networks between order and randomness 1999 Princeton University Press Princeton, New Jersey
49. D.J. Watts, and S.H. Strogatz Collective dynamics of small-world Networks, Nature 393 1998 440 442
50. T. Zhou, J.G. Liu, W.J. Bai, G. Chen, and B.H. Wang Behavior of susceptible-infected epidemics on scale-free networks with identical infectivity Physical Reviews E 74 5 2006 0561091