Organizations are faced with a variety of information security threats and implement several information system security countermeasures (ISSCs) to mitigate possible damage due to security attacks. These security countermeasures vary in their ability to deal with different types of security attacks and, hence, are implemented as a portfolio of ISSCs. A key challenge for organizations is to understand the economic consequences of security attacks relative to the ISSC portfolio implemented. This paper combines the risk analysis and disaster recovery perspectives to build an integrated simulation model of ISSC portfolio value. The model incorporates the characteristics of an ISSC portfolio relative to the threat and business environments and includes the type of attack, frequency of attacks, possible damage, and the extent and time of recovery from damage. The simulation experiments provide interesting insights into the interactions between ISSC portfolio components and characteristics of business and threat environments in determining portfolio value.