Proportional Hazards in Information Security

Ryan, Julie J.C.H.; Ryan, Daniel J.

doi:10.1111/j.0272-4332.2005.00573.x

Cited by 14 publications

(10 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Following the literature support and industrial evidence (Anderson, 2001;Bodin et al, 2005;Carty et al, 2012;Rowe and Gallaher, 2006;Ryan and Ryan, 2005), we, therefore, posit that the following propositions will have a positive effect on firm performance in the context of information security investment.…”

Section: Research Framework and Propositionsmentioning

confidence: 61%

“…The effectiveness of IT-related investments, measured in financial terms, has been a topic of research for quite a while now. However, researchers (Anderson, 2001;Bodin et al, 2005;Kuhn et al, 2013;Rowe and Gallaher, 2006;Ryan and Ryan, 2005) have argued that security investments, unlike other IT-related investments, additionally depend on political or regulatory decisions and not solely on financial decisions. In essence, we posit that security investment must be analyzed using a holistic approach that combines different factors such as technical, financial, legal and policy.…”

Section: Conceptual Foundationmentioning

confidence: 99%

See 1 more Smart Citation

Investigating security investment impact on firm performance

Bose

Luo

2014

International Journal of Accounting &Amp; Information Management

View full text Add to dashboard Cite

Purpose – The purpose of this study is to propose to use the economic value added to measure firm performance against information security investments. Design/methodology/approach – The authors develop a conceptual framework to capture non information technology (IT)-related and IT-related security investment factors and propose to study their holistic influences on firm performance. Findings – The authors propose 14 propositions to understand the relationship between security investments and firm performance. Research limitations/implications – The authors propose a validation process to guide future research to further empirically capture all needed data and analyze the proposed relationships. Practical implications – Managers can view security investment from a more comprehensive perspective and understand how to potentially contribute each of the non IT-related and IT-related factors to firm performance. Originality/value – This is one of the early attempts studying information security investment vs firm performance from a comprehensive conceptual angel.

show abstract

Section: Research Framework and Propositionsmentioning

confidence: 61%

Section: Conceptual Foundationmentioning

confidence: 99%

Investigating security investment impact on firm performance

Bose

Luo

2014

International Journal of Accounting &Amp; Information Management

View full text Add to dashboard Cite

show abstract

“…In [13] nonparametric methods are given as a basis for analysis of failure times in order to derive probability distributions of systems failures (these failures are the consequence of successful breaches of security services). This basis is improved by correlating system survival times to the use of certain design enhancements and other threats countermeasures.…”

Section: Specifics Of Risk Management For Ismentioning

confidence: 99%

System Dynamics Based Risk Management for Distributed Information Systems

Trček

2009

2009 Fourth International Conference on Systems

View full text Add to dashboard Cite

Networked information systems have not been restricted to closed organizations environments for more than a decade. They are now crucial in supporting operations of infrastructure, ranging from power plants to air-control systems. These networked information systems, essentially forming the current internet, are thus highly sensitive kinds of infrastructure where security plays a central role. However, assuring their security has to address certain specific aspects with regard to risk management. This paper presents a new approach to support decision making in this complex area. It is based on a generic risk management model for distributed information systems that deploys system dynamics. Such an approach provides many advantages, like suitability for interdisciplinary use, providing a graphical view on the system structure and components relationships, real-time support for "what-if" scenarios, and the possibility for inclusion in automated decision support systems. It is especially suitable for education and risk awareness programs in organizations.

show abstract

“…One of the most studied problems in this area is the issue of security in highrisk facilities-susceptible facilities where failure can cause a catastrophic disaster. This area of study includes transportation security, (36) information security, (37) security in power plants, (8)(9) nuclear facilities, (1) etc. Sagan uses an engineering metaphor called redundancy to explore the counterintuitive behavior we may get from a family of policies.…”

Section: Complicated Interrelations In Security Problemsmentioning

confidence: 99%

How a System Backfires: Dynamics of Redundancy Problems in Security

Ghaffarzadegan

2008

Risk Analysis

View full text Add to dashboard Cite

Increasing attention is being paid to reliability, safety, and security issues in social systems. Scott Sagan examined why more security forces (a redundancy solution) may lead to less security. He discussed how such a solution can backfire due to three major issues (i.e., "common-mode error,""social shirking," and "overcompensation"). In this article, using Sagan's hypotheses, we simulate and analyze a simple and generic security system as more guards are added to the system. Simulation results support two of Sagan's hypotheses. More specifically, the results show that "common-mode error" causes the system to backfire, and "social shirking" leads to an inefficient system while exacerbating the common-mode error's effect. Simulation results show that "overcompensation" has no effect of backfiring, but it leads the system to a critical state in which it can easily be affected by the common-mode error. Furthermore, the simulation results make us question the importance of the initial power of adversaries (e.g., terrorists) as the results show that, for any exogenous level of adversary power, the system endogenously overcompensates to a level that makes the system more susceptible to being attacked.

show abstract

Proportional Hazards in Information Security

Cited by 14 publications

References 4 publications

Investigating security investment impact on firm performance

Investigating security investment impact on firm performance

System Dynamics Based Risk Management for Distributed Information Systems

How a System Backfires: Dynamics of Redundancy Problems in Security

Contact Info

Product

Resources

About