Optimal information security investment in a Healthcare Information Exchange: An economic analysis

Decision Support Systems

Volumn 61, Issue 1, 2014, Pages 1-11

  Huang, C Derrick ^a   Behara, Ravi S ^a   Goo, Jahyun ^a  

^a FLORIDA ATLANTIC UNIVERSITY   (United States)

Author keywords

Healthcare Information Exchange; Healthcare information technology; Information security; Optimal investment; Scale free network

Indexed keywords

COMPLEX NETWORKS; HEALTH CARE; HOSPITAL DATA PROCESSING; INFORMATION DISSEMINATION; INFORMATION TECHNOLOGY; INVESTMENTS; OPTIMIZATION; RISK MANAGEMENT; SECURITY OF DATA;

ECONOMIC DECISION ANALYSIS; HEALTHCARE INFORMATION TECHNOLOGY; INFORMATION EXCHANGES; INFORMATION SECURITY INVESTMENT; NETWORK CHARACTERISTICS; OPTIMAL INVESTMENTS; SCALE FREE NETWORKS; SECURITY INVESTMENTS;

ECONOMIC ANALYSIS;

EID: 84897513600     PISSN: 01679236     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.dss.2013.10.011     Document Type: Article

References (81)

1. J. Adler-Milstein, and Bates Paperless healthcare: progress and challenges of an IT-enabled healthcare system Business Horizon 53 2010 119 130
2. J. Adler-Milstein, D.W. Bates, and A.K. Jha U.S. regional health information organizations: progress and challenges Health Affairs 28 2 2009 483 492
3. AHIMA/HIMSS The Privacy and Security Gaps in Health Information Exchange, White Paper by the AHIMA/HIMSS HIE Privacy and Security Joint Work group 2011
4. W. Aiello, F. Chung, and L. Lu A random graph model for massive graphs Proceedings of the 32nd Annual ACM Symposium on Theory of Computing, New York 2000 171 180
5. R. Albert, H. Jeong, and A.-L. Barabási Diameter of the world-wide web Nature 401 1999 130 131 (Pubitemid 29436307)
6. D. Alderson, L. Li, W. Wallinger, and J.C. Doyle Understanding internet topology: principles, models, and validation IEEE/ACM Transactions on Networking 13 6 2005 1205 1218 (Pubitemid 43034130)
7. S. Alter, and S. Sherer A general, but readily adaptable model of information system risk Communications of the AIS 14 1 2004 1 28
8. R. Anderson, and T. Moore The economics of information security Science 314 2006 610 613 (Pubitemid 44646376)
9. A. Appari, and M.E. Johnson Information security and privacy in healthcare: current state of research International Journal of Internet and Enterprise Management 6 4 2010 279 314
10. A. Arora, D. Hall, C.A. Pinto, D. Ramsey, and R. Telang Measuring the risk-based value of IT security solutions IT Professional 6 6 2004 35 42 (Pubitemid 40168789)
11. A.-L. Barabási, and R. Albert Emergence of scaling in random networks Science 286 1999 509 512
12. R.S. Behara, and S. Bhattacharya Process-centric risk management framework for information security H. Chen, T.S. Raghu, R. Ramesh, A. Vinze, D. Zeng, National Security 2007 Elsevier The Netherlands 349 366
13. L.D. Bodin, L.A. Gordon, and M.P. Loeb Evaluating information security investments using the analytic hierarchy process Communications of the ACM 48 2 2005 79 83
14. R. Bojanc, and B.J. Blazic Towards a standard approach for quantifying an ICT security investment Computer Standards & Interface 30 2008 216 222 (Pubitemid 351308028)
15. P. Carter, C. Lemery, D. Mikels, R. Bowen, and B. Hjort Privacy and security in health information exchange Journal of AHIMA 77 10 2006 64A-C (Pubitemid 44747723)
16. H. Cavusoglu, B. Mishra, and S. Raghunathan The value of intrusion detection systems in information technology security architecture Information Systems Research 16 1 2005 28 46 (Pubitemid 40701107)
17. Center for Medicare and Medicaid Services (CMS) Stage 1 vs. stage 2 comparison table for eligible hospitals and CAHs available at http://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/ Downloads/Stage1vsStage2CompTablesforHospitals.pdf 2012
18. S. Chai, M. Kim, and H.R. Rao Form's information security investment decisions: stock market evidence of investors' behavior Decision Support Systems 50 2011 651 661
19. M. Collins, C. Gates, and G. Kataria A model for opportunistic network exploits: the case of P2P worms Fifth Workshop on Economics of Information Security, Cambridge, England 2006
20. D.B. Chang, and C.S. Young Infection dynamics on the internet Computers & Security 24 2005 280 286 (Pubitemid 40752311)
21. D. Cremonini, and M. Nizovtsev Understanding and influencing attackers' decisions: implications for security investment strategies Fifth Workshop on Economics of Information Security, Cambridge, England 2006
22. M. Daneva Applying real options thinking to information security in networked organizations CTIT Technical Report TR-CTIT-06-11 2006 Centre for Telematics and Information Technology, University of Twente The Netherlands
23. Dhanjani Hacking: The Next Generation 2009 O'Reiley Media
24. Emory Univesity Why IT Security Can Instil Confidence in a Company's Reputation and Brand 2007 Knowledge @ Emory (http://knowledge.emory.edu/article. cfm?articleid=1075s)
25. M. Faloutsos, P. Faloutsos, and C. Faloutsos On power-law relationships of the internet topology ACM SIGCOMM Computer Communication Review 29 4 1999 251 262 (Pubitemid 32081870)
26. P. Fntaine, S.E. Ross, T. Zink, and L.M. Schilling Systematic review of health information exchange in primary care practices Journal of the American Board of Family Medicine 23 5 2010 655 670
27. E. Gal-Or, and A. Ghose The economic incentives for sharing security information Information Systems Research 16 2 2005 186 208 (Pubitemid 43057222)
28. L.A. Gordon, and M.P. Loeb The economics of information security investment ACM Transactions on Information and Systems Security 5 4 2002 438 457
29. L.A. Gordon, and M.P. Loeb Return on information security investments: myths vs. realities Strategic Finance 84 5 2002 26 31
30. L.A. Gordon, and M.P. Loeb Managing Cybersecurity Resources: A Cost-Benefit Analysis 2006 McGraw-Hill, Inc.
31. L.A. Gordon, M.P. Loeb, and W. Lucyshyn Sharing information on computer systems security: an economic analysis Journal of Accounting and Public Policy 22 2003 461 485 (Pubitemid 37491796)
32. C. Griffin, and R. Brooks A note on the spread of worms in scale-free networks IEEE Transactions on Systems Man and Cybernetics Part B 36 1 2006 198 202 (Pubitemid 43179774)
33. T. Gross, C.J. Dommar D'Lima, and B. Blasius Epidemic dynamics on an adaptive network Physical Review Letters 96 2006 208701
34. W. Grossman, and P.D.F. Ion On a portion of the well-known collaboration graph Congressus Numerantium 108 1995 129 131
35. M. Gupta, S. Banerjee, M. Agrawal, and H.R. Rao A framework for security analysis of internet technology components enabling globally distributed workplaces ACM Transactions on Internet Technology 8 4 2008 17:2 17:38
36. HHS (Department of Health and Human Services) HIPPA Security Series, 1. Security 101 for Covered Entities accessed at http://www.hhs.gov/ocr/privacy/ hipaa/administrative/securityrule/security101.pdf 2007
37. C.D. Huang, and R.S. Behara Economics of information security investment in the case of simultaneous attacks International Journal of Production Economics 141 1 2013 255 268
38. C.D. Huang, Q. Hu, and R.S. Behara Economics of information security investment in the case of simultaneous attacks International Journal of Production Economics 114 2 2008 793 804
39. IT PCG (IT Policy Compliance Group) The financial benefits of spend on security accessed at http://www.itpolicycompliance.com/wp-content/uploads/2013/ 02/The-Financial-Benefits-of-Spend-on-Security-Overview.pdf 2012
40. M.E. Jennex, and S. Zyngier Security as a contributor to knowledge management success Information Systems Frontier 9 2007 493 504 (Pubitemid 350007344)
41. H. Jeong, S. Mason, A.-L. Barabasi, and Z.N. Oltival Lethality and centrality in protein networks Nature 411 2001 41 42 (Pubitemid 32428180)
42. M.E. Johnson Health-care industry: heal thyself Wall Street Journal September 26 2011 http://online.wsj.com/news/articles/ SB10001424053111904716604576542380296355702.
43. M.E. Johnson, and S. Dynes Inadvertent disclosure - information leaks in the extended enterprise Sixth Workshop on the Economics of Information Security, Pittsburgh, Penn June 7-8 2007
44. R. Kaas, M. Gavaerts, J. Phaene, and M. Dennit Modern Actuarial Risk Theory 2001 Kluwer Academic Publishers Boston, Mass.
45. M.J. Keeling, and K.T.D. Eames Networks and Epidemic Models Journal of the Royal Society Interface 2 2005 295 307
46. R.L. Kumar, S. Park, and C. Subramniam Understanding the value of countermeasure portfolios in information security Journal of Management Information Systems 25 20 2008 241 279
47. H. Kunreuther, and G. Heal Interdependent security Journal of Risk and Uncertainty 26 2/3 2003 231 249
48. J. Kwon, and M.E. Johnson Security practices and regulatory compliance in the healthcare industry Journal of American Medical Informatics Association 20 2013 44 51
49. Y.C. Lai, Z. Liu, and N. Ye Infection dynamics on growing networks International Journal of Modern Physics B 17 22,23,24 2003 4045 4061
50. Y.J. Lee, R.J. Kauffman, and R. Sougstad Profit-maximizing form investments in customer information security 51 2011 904 920
51. C.H. Lee, X. Geng, and S. Raghunathan Contracting Information Security in the Presence of Double Moral Hazard Information Systems Research 24 2 June 2013 295 311
52. F. Liljeros, C.R. Edling, L.A.N. Amaral, H.E. Stanley, and Y. Aberg The web of human sexual contact Nature 411 2001 907 908
53. S. Nagaraja, and R. Anderson The topology of covert conflict Computer Laboratory Technical Report UCAM-CL-TR-637 2005 University of Cambridge
54. National Alliance for Health Information Technology Report to the Office of the National Coordinator for Health IT on Defining Key Health Information Technology Terms, April 2008
55. National Institute of Standards and Technology Managing security risk: organization, mission, and information system view NIST Special Publication 800-39 2011 U.S. Department of Commerce
56. M.E.J. Newman The structure and function of complex networks SIAM Review 45 2 2003 167 256
57. H. Ogut, and N. Menon Cyber insurance and IT security investment: impact of interdependent risk Fourth Workshop on the Economics of Information Security, Cambridge, Mass June 2-3 2005
58. R. Pastor-Satorras, and A. Vespignani Epidemic spreading in scale-free networks Physical Review Letters 86 14 2001 3200 3203 (Pubitemid 32317894)
59. Ponemon Institute Benchmark study on patient privacy and data security http://www2.idexpertscorp.com/resources/healthcare/healthcare-articles- whitepapers/ponemon-benchmark-study-on-patient-data-security-practices/? utm-source=Ponemon%2BRedirect&utm-medium=Online&utm-campaign= Ponemon%2BRedirect/ November 2010 (accessed 4 April 2011)
60. S. Pursor A Practical Guide to Managing Information Security 2004 Artech House
61. S. Redner How popular is your paper? An empirical study of the citation distribution European Physics Journal B 23 1998 267 271
62. T. Sawik Selection of optimal countermeasure portfolio in IT security planning Decision Support Systems 2013 10.1016/j.dss.2013.01.001
63. S.E. Schechter Toward econometric models of the security risk from remote attacks IEEE Security & Privacy 3 1 2005 40 44 (Pubitemid 40325581)
64. J. Song, and F.M. Zahedi Trust in health infomediaries Decision Support Systems 43 2007 390 407 (Pubitemid 46216543)
65. D.S. Soper, H. Demirkan, and M. Goul An interorganizational knowledge sharing security model with breach propagation detection Information Systems Frontier 9 2007 469 479 (Pubitemid 350007343)
66. M.M. Telo da Gama, and A. Nunes Epidemics in small world networks European Physical Journal B 50 2006 205 208
67. T. Tsiakis, and G. Stephanides The economic approach of information security Computer & Security 24 2005 105 108 (Pubitemid 40583822)
68. A. Vazquz, M. Boguna, Y. Moreno, R. Pastor-Satorras, and A. Vespignani Topology and correlations in structured scale-free networks Physical Review E 67 2003 046111
69. V. Viduto, C. Maple, W. Huang, and D. Lopez-Perez A novel risk assessment and optimisation model for a multi-objective network security countermeasure selection problem 53 2012 599 610
70. J. Walker, E. Pan, D. Johnston, J. Adler-Milstein, D.W. Bates, and B. Middleton The value of health care information exchange and interoperability Health Affairs, Supplemental Web Exclusive 2005 (W5-10-W5-18)
71. W. Wallinger, R. Govindan, S. Jamin, V. Paxson, and S. Shenker Scaling phenomena in the internet: critically examining criticality Proceedings of National Academy of Science 99 1 2000 2573 2580 (Pubitemid 34165068)
72. J. Wang How may IT security affect competitive advantage? The Fourth ABIT Annual Meeting, Monroeville, Pennsylvania 2004
73. J. Wang, A. Chaudhury, and H.R. Rao A value-at-risk approach to information security investment Information Systems Research 19 1 2008 106 120
74. D.J. Watts, and S.H. Strogatz Collective dynamics of "small- world" networks Nature 393 1998 440 442
75. L. Xiao, B. Hu, M. Croitoru, P. Lewis, and S. Dasmahapatra A knowledgeable security model for distributed health information systems Computer & Security 29 2010 331 349
76. W.T. Yue, M. Cakanyildirim, Y.U. Ryu, and D. Liu Network externalities, layered protection and IT security risk management Decision Support Systems 44 2007 1 16 (Pubitemid 47374296)
77. T. Zhou, Z. Fu, and B. Wang Epidemics on complex networks Progress in Natural Science 16 5 2006 452 457
78. T. Zhou, J.G. Liu, W.J. Bai, G.C. Chen, and B. Wang Behaviors of susceptible-infected epidemics on scale-free networks with identical infectivity Physical Review E 74 2006 056109
79. R. Albert, H. Jeong, and A.L. Barabási Error and Attack Tolerance of Complex Networks Nature 406 2000 378 382 (Pubitemid 30625551)
80. Kaufman Rossin & Co Hitech Act Three Years Later: Are Health Records Safe? White paper Series 2012 (Kaufman Russin & Co., 2012)
81. S. Dynes, H. Brechbühl, and M.E. Johnson Information Security in the Extended Enterprise: Some Initial Results from a Field Study of an Industrial Firm, Fourth Workshop on Economics of Information Security, June 2-3, 2005, Cambridge 2005 Mass United States