Cybersecurity Investment Allocation for a Multi-Branch Firm: Modeling and Optimization

Xu, Lu; Li, Yanhui; Fu, Jing

doi:10.3390/math7070587

Cited by 15 publications

(11 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The result reflects that the DORSU implementation for information security policy is imbalanced. Various literature shows the importance of cultural [11,[23][24][25] and economic aspect [12,16] as the basis on the effective and balances information security policy implementations. The result also shows that information security is a challenging issue in DORSU governance.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Multicriteria Decision Analysis on Information Security Policy: A Prioritization Approach

Cabrera

Reyes

Lasco

2020

Adv. technol. innov.

View full text Add to dashboard Cite

Security is the most serious concern in the digital environment. To provide a sound and firm security policy, a multi-holistic approach must be considered when making strategic decisions. Thus, the objective of this study was to evaluate the information security (IS) and decision making of Davao Oriental State University (DORSU) using the analytic hierarchy process (AHP) approach. The four aspects of IS, namely, the technology, management, economy, and culture were used with the three IS components consisting of confidentiality, integrity, and availability to implement the AHP. The results showed that the technology and management have higher significant values than the economic and cultural aspects. Meanwhile, for the IS components, the integrity signifies the highest priority followed by confidentiality, lastly, and availability. These results emphasize an imbalance in implementing IS policy, which must be addressed to ensure that the data integrity, confidentiality, and availability are balanced, particularly during the information exchange transactions.

show abstract

Section: Resultsmentioning

confidence: 99%

“…Mostly, the organization focuses on the management and technical aspects of IS [1]. Furthermore, recent studies are giving high emphasis on cultural [11] and economic aspects [12] in the information security. In general, aspects of the information security can be categorized into the technology, management, culture, and economy.…”

Section: Literature Reviewmentioning

confidence: 99%

Multicriteria Decision Analysis on Information Security Policy: A Prioritization Approach

Cabrera

Reyes

Lasco

2020

Adv. technol. innov.

View full text Add to dashboard Cite

show abstract

“…Information security investment is one of the core issues in the area of information economics (Anderson & Moore, 2006). Gordon and Loeb (2002) first developed an economic model to determine the optimal security investments in individual organizations and proposed two classic probability functions of security breach, which has caused extensive attention of researchers (Bandyopadhyay et al, 2010; Huang & Behara, 2013; Li & Xu, 2021; Xu et al, 2019; Zhao et al, 2013). Huang and Behara (2013) analyzed the optimal security investments of risk‐averse decision‐making enterprises, and found that the optimal investment increases with the increase of potential loss but does not exceed it.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Businesses need to make a tradeoff between information security investments and sales profits of personalized products. Previous studies have adopted the economic and mathematical methods to investigate the optimal security investment from the angle of firms, but ignored the interactions between firm's security strategies and consumers' information disclosure decisions (Feng et al, 2019; Gordon & Loeb, 2002; Hausken, 2006; Huang & Behara, 2013; Nagurney et al, 2017; Simon & Omar, 2020; Xu et al, 2019; Zhao et al, 2013). To model the strategy interactions of multiple decision‐makers, the game theoretic approach is widely applied Huang and Behara (2013), Hausken (2006), Li (2021) and Nagurney et al (2017).…”

Section: Introductionmentioning

confidence: 99%

Information security investment and purchase decision for personalized products

Yao

2022

Manage Decis Econ

Self Cite

View full text Add to dashboard Cite

Considering information security and personalization paradoxes, this paper investigates the optimal information security investments of a firm and purchasing decisions of consumers with different privacy concerns in online personalization. It is found that consumers and firm tend to fall into a prisoner's dilemma in Nash equilibrium. To improve security investment efficiency and boost personalization consumption, firm‐led Stackelberg game and firm‐led Stackelberg game with punishment mechanism are proposed and analyzed. The results indicate that the security information measures firm take in advance can effectively increase the waverers' willingness to purchase personalized products. Government punishment helps to facilitate a win‐win situation but does not work when proportion of wavers in the market is very small. Furthermore, the responses of equilibrium strategies and payoffs to related characteristics are discussed numerically. Finally, some managerial insights are recommended to firms who provide personalized products for making proper security investment and to government departments for formulating security punishment policies.

show abstract

“…This is exactly the problem we tackle here: How should a company jointly optimize security investments and insurance buying when it is composed of multiple branches, and a correlation exists between security accidents at the branches and at the headquarters? Here, we consider the same framework described by Khalili et al (2018) and Xu et al (2019), where the vulnerability of the headquarters is influenced by the characteristics and behavior of the branches, i.e., by their intrinsic vulnerability and their risk management choices, but not vice versa.…”

Section: Introductionmentioning

confidence: 99%

Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm

Mazzoccoli

Naldi

2021

Risks

View full text Add to dashboard Cite

Investments in security and cyber-insurance are two cyber-risk management strategies that can be employed together to optimize the overall security expense. In this paper, we provide a closed form for the optimal investment under a full set of insurance liability scenarios (full liability, limited liability, and limited liability with deductibles) when we consider a multi-branch firm with correlated vulnerability. The insurance component results to be the major expense. It ends up being the only recommended approach (i.e., setting zero investments in security) when the intrinsic vulnerability is either very low or very high. We also study the robustness of the investment choices when our knowledge of vulnerability and correlation is uncertain, concluding that the uncertainty induced on investment by either uncertain correlation or uncertain vulnerability is not significant.

show abstract

Cybersecurity Investment Allocation for a Multi-Branch Firm: Modeling and Optimization

Cited by 15 publications

References 33 publications

Multicriteria Decision Analysis on Information Security Policy: A Prioritization Approach

Multicriteria Decision Analysis on Information Security Policy: A Prioritization Approach

Information security investment and purchase decision for personalized products

Optimal Investment in Cyber-Security under Cyber Insurance for a Multi-Branch Firm

Contact Info

Product

Resources

About