A system dynamics model for information security management

Nazareth, Derek L.; Choi, Jae Hoon

doi:10.1016/j.im.2014.10.009

Cited by 101 publications

(66 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In addition, a heuristic was developed to solve the problem. Nazareth and Choi (2015) used a system dynamics model to assess various information security management strategies, which can provide managers guidance for security decisions. They found that investing in security detection tools leads to a better payoff than in deterrence activities.…”

Section: Literature Reviewmentioning

confidence: 99%

A game-theoretic analysis of information security investment for multiple firms in a network

Qian

Liu

Pei

et al. 2017

Journal of the Operational Research Society

View full text Add to dashboard Cite

The application of Internet of Things promotes the cooperation among firms, and it also introduces some information security issues. Due to the vulnerability of the communication network, firms need to invest in information security technologies to protect their confidential information. In this paper, considering the multiple-step propagation of a security breach in a fully connected network, an information security investment game among n firms is investigated. We make meticulous theoretic and experimental analyses on both the Nash equilibrium solution and the optimal solution. The results show that a larger network size (n) or a larger one-step propagation probability (q) has a negative effect on the Nash equilibrium investment. The optimal investment does not necessarily increase in n or q, and its variation trend depends on the concrete conditions. A compensation mechanism is proposed to encourage firms to coordinate their strategies and invest a higher amount equal to the optimal investment when they make decisions individually. At last, our model is extended by considering another direct breach probability function and another network structure, respectively. We find that a higher connection density of the network will result in a greater expected cost for each firm.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

A game-theoretic analysis of information security investment for multiple firms in a network

Qian

Liu

Pei

et al. 2017

Journal of the Operational Research Society

View full text Add to dashboard Cite

show abstract

“…Along with this concern is a growing recognition that better internet security behavior is needed (Nazareth & Choi, 2015). The Pew poll found that 6 in 10 respondents indicated an interest to do more to protect the privacy of their personal information online (Madden, 2014, November 12).…”

Section: Introductionmentioning

confidence: 99%

Anxiety about internet hacking: Results from a community sample

Elhai

Hall²

2016

Computers in Human Behavior

View full text Add to dashboard Cite

“…Quantitative methods are more complex, but they are more applicable when the information is sufficient or the risk of information assets may be relatively large. The commonly used quantitative analysis methods include Factor Analysis Method, Cluster Analysis, Time Series Model, Regression Model, Risk Mapping and so on [4] . Each method has its own advantages and disadvantages.…”

Section: Literature Reviewmentioning

confidence: 99%

Research of Information System Security Risk Management based on Probability Model and Security Entropy

Du¹,

Zhou²,

Guo³

et al. 2018

dtcse

View full text Add to dashboard Cite

Nowadays, there is a big challenge on the security risk of information system with the rapid development of network. Computer viruses have brought great intimidation on information systems, which made the loss of worldwide information security moving up. Therefore, more and more people focus on the security problem of information systems, which need our appropriate protection. At first, the principle approach from security risk identification to risk management is proposed. Secondly, an information system security risk management algorithm based on probability model and security entropy is described in detail. Thirdly, a particular system is selected as the example. The whole risk of information system security is modelled and computed according to the risk management computing formula. In accordance with the example, the applicability and feasibility of the probability model is verified. The method proposed in this paper provides some use of reference in the risk management of information system security and execution of security measures.

show abstract

A system dynamics model for information security management

Cited by 101 publications

References 39 publications

A game-theoretic analysis of information security investment for multiple firms in a network

A game-theoretic analysis of information security investment for multiple firms in a network

Anxiety about internet hacking: Results from a community sample

Research of Information System Security Risk Management based on Probability Model and Security Entropy

Contact Info

Product

Resources

About