When Being Hot Is Not Cool: Monitoring Hot Lists for Information Security

Ji, Yonghua; Kumar, Subodha; Mookerjee, Vijay

doi:10.1287/isre.2016.0677

Cited by 15 publications

(15 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors propose how to improve connectivity of cyber networks. Ji et al (2016) discuss how big data analysis and optimization tools can be used to tackle advanced cyberattacks. Bensoussan et al (2020) reveal that intrusion prevention is a crucial point for overcoming cyber-security risk.…”

Section: Related Literaturementioning

confidence: 99%

E‐commerce supply chains with considerations of cyber‐security: Should governments play a role?

Luo

Choi

2022

Production and Operations Management

View full text Add to dashboard Cite

E‐commerce supply chains and their members face risks from cyber‐attacks. Consumers who purchase goods online also risk having their private information stolen. Thus, businesses are investing to improve cyber‐security at a nontrivial cost. In this paper, we conduct a Stackelberg game‐theoretical analysis. In the basic model, we first derive the equilibrium pricing and cyber‐security level decisions in the e‐commerce supply chain. Based on real‐world practices, we then explore whether governments should impose cyber‐security penalty schemes. Our findings show that when the government is characterized by having sufficiently high emphasis on consumer surplus, implementing the penalty scheme is beneficial to social welfare. Then, we extend the analysis to examine how adopting systems security enhancing technologies (such as blockchain) will affect the government's choice of imposing penalty. We uncover that when it is beneficial to have government's penalty scheme, the technology benefit‐to‐cost ratio is a critical factor that governs whether the optimal penalty will be lower or higher with the adoption of systems security enhancing technologies. To generate more insights, we conduct further analyses for various extended modeling cases (e.g., with alliance, competition, and the defense‐level dependent penalty scheme) and find that our main results remain robust. One important insight we have uncovered in this study is that imposing government penalty schemes on cyber‐security issues may do more harm than good; while once it is beneficial to implement, the government should charge the heaviest possible fine. This finding may explain why in the real world, governments basically always adopt a polarized strategy, that is, either do not impose penalty or impose a super heavy penalty, on cyber‐security issues.

show abstract

Section: Related Literaturementioning

confidence: 99%

E‐commerce supply chains with considerations of cyber‐security: Should governments play a role?

Luo

Choi

2022

Production and Operations Management

View full text Add to dashboard Cite

show abstract

“…Second, the model shows that scholars have been interested in cybercriminals and our ability to monitor and detect them from both within and outside the firm (Ji et al, 2016;Siering et al, 2021). Included in this research are studies that provide guidance for darknet research (Benjamin et al, 2019;Ebrahimi et al, 2020) and for the analysis of cybercriminal Internet Relay Chat (IRC) communities (Benjamin et al, 2016), as well as studies focused on the influence of peer monitoring on employee information security policy (ISP) violations (Yazdanmehr and Wang, 2021).…”

Section: Published Topics Of Interestmentioning

confidence: 99%

“…Second, the model shows that scholars have been interested in cybercriminals and our ability to monitor and detect them from both within and outside the firm (Ji et al. , 2016; Siering et al.…”

Section: Published Topics Of Interestmentioning

confidence: 99%

A closer look at organizational cybersecurity research trending topics and limitations

Johnston

2022

OCJ

View full text Add to dashboard Cite

PurposeIn identifying both the topics of interest and key limitations of the extant organizational security research, both opportunities for future research as well as some underlying challenges for conducting this research may be revealed.Design/methodology/approachTo identify the leading organizational cybersecurity research topics of interest and their key limitations, the author conducted a topic modeling analysis of the organizational level studies published in the Association for Information Systems (AIS) senior scholars' “basket of eight journals” (Association for Information Systems, 2022) over the past five years.FindingsLeading topics include (1) organizational security research concerns governance and strategic level decision-making and their role in shaping organizational security successes and failures, (2) cybercriminals and organizations' ability to monitor and detect them from both within and outside the firm; (3) cost, liability and security negligence, (4) organizations' innovation dispositions for security products and services and (5) organizational breach response efficacy; while key limitations of this study include the following: (1) scholars' ability to propose and assess strategic and operational level threat response recommendations, (2) their understanding how influence is formed and maintained among employees and groups and (3) their measurement instruments and models.Originality/valueOrganizations remained plagued by an ever-emerging set of threats to the security of their digital and informational assets. New threats are regularly discovered and remedies to existing threats are continually proven ineffective against these new threats. Providing an orientation to the current research on organizational security can help advance their security efforts.

show abstract

“…Mookerjee et al (2011) study the maintenance of detection systems while accounting for the potential dissemination of attack knowledge. Ji et al (2016) examine how extensively monitoring should be conducted in the interest of minimizing the monitoring cost and security incident cost. Ogut et al (2008) examine various waiting-time policies to minimize the utilization of costly human agents associated with the investigation of IDS alarms.…”

Section: Literature Reviewmentioning

confidence: 99%

Managing Information System Security Under Continuous and Abrupt Deterioration

Bensoussan

Mookerjee

Yue

2020

Production and Operations Management

Self Cite

View full text Add to dashboard Cite

I n this study, we focus on the maintenance of an intrusion detection system (IDS) that attempts to discriminate between benign and malicious traffic arriving at a firm. An attack is more likely to successfully harm the firm if the ability of its IDS to discriminate between malicious and benign traffic is low, implying loopholes or vulnerabilities in the firm's security. A novel aspect of this study is the modeling of both continuous degradation in system discrimination ability (drift) and the arrival of abrupt shocks that can suddenly lower discrimination ability. We model shocks to arrive randomly and cause a random decrease in discrimination ability. Furthermore, we prove the existence of a steady-state level of discrimination ability that firms should strive to reach and maintain. When discrimination ability is below this steady-state level, full effort must be exerted to reach it. We also compare our model with alternative settings, examine the impact of parameter estimation error, and study scenarios in which the arrival rate of malicious traffic is a function of the steady-state discrimination ability chosen by the firm.

show abstract

When Being Hot Is Not Cool: Monitoring Hot Lists for Information Security

Cited by 15 publications

References 43 publications

E‐commerce supply chains with considerations of cyber‐security: Should governments play a role?

E‐commerce supply chains with considerations of cyber‐security: Should governments play a role?

A closer look at organizational cybersecurity research trending topics and limitations

Managing Information System Security Under Continuous and Abrupt Deterioration

Contact Info

Product

Resources

About