The economics of information security investment

The economic cost of publicly announced information security breaches: empirical evidence from the stock market

Journal of Computer Security - IFIP 2000

A model for evaluating IT security investments

Communications of the ACM - Has the Internet become indispensable?

Evaluating information security investments using the analytic hierarchy process

Communications of the ACM - Medical image modeling

Inoculation strategies for victims of viruses and the sum-of-squares partition problem

SODA '05 Proceedings of the sixteenth annual ACM-SIAM symposium on Discrete algorithms

Budgeting process for information security expenditures

Communications of the ACM - Personal information management

Aligning information security investments with a firm's risk tolerance

InfoSecCD '05 Proceedings of the 2nd annual conference on Information security curriculum development

Inoculation strategies for victims of viruses and the sum-of-squares partition problem

Journal of Computer and System Sciences

Does information security attack frequency increase with vulnerability disclosure? An empirical analysis

Information Systems Frontiers

Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability

Information Systems Frontiers

Economic aspects of information security: An emerging field of research

Information Systems Frontiers

An experimental economics approach toward quantifying online privacy choices

Information Systems Frontiers

Exploring the characteristics of Internet security breaches that impact the market value of breached firms

Expert Systems with Applications: An International Journal

The management of access controls/biometrics in organizations

InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development

Is Information Security Under Control?: Investigating Quality in Information Security Management

IEEE Security and Privacy

Archetypal behavior in computer security

Journal of Systems and Software

Network externalities, layered protection and IT security risk management

Decision Support Systems

Necessary measures: metric-driven information security risk assessment and decision making

Communications of the ACM

Information security and risk management

Communications of the ACM - The psychology of security: why do good users make bad decisions?

Towards a standard approach for quantifying an ICT security investment

Computer Standards & Interfaces

Capturing industry experience for an effective information security assessment

International Journal of Information Systems and Change Management

Secure or insure?: a game-theoretic analysis of information security games

Proceedings of the 17th international conference on World Wide Web

Optimal resource allocation for securing an enterprise information infrastructure

Proceedings of the 4th international IFIP/ACM Latin American conference on Networking

Security and insurance management in networks with heterogeneous agents

Proceedings of the 9th ACM conference on Electronic commerce

The importance of information security spending: an economic approach

Proceedings of the 2008 Spring simulation multiconference

A Layered Decision Model for cost-effective system security

International Journal of Information and Computer Security

Risk Based Authorisation for Mobile Ad Hoc Networks

AIMS '07 Proceedings of the 1st international conference on Autonomous Infrastructure, Management and Security: Inter-Domain Management

An economic mechanism for better Internet security

Decision Support Systems

Understanding the Value of Countermeasure Portfolios in Information Systems Security

Journal of Management Information Systems

Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment

Journal of Management Information Systems

Choice and Chance: A Conceptual Model of Paths to Information Security Compromise

Information Systems Research

Investments in Information Security: A Real Options Perspective with Bayesian Postaudit

Journal of Management Information Systems

Estimating the market impact of security breach announcements on firm values

Information and Management

A formal model for pricing information systems insurance contracts

Computer Standards & Interfaces

Information Security: Facilitating User Precautions Vis-à-Vis Enforcement Against Attackers

Journal of Management Information Systems

Information security investment decisions: evaluating the Balanced Scorecard method

International Journal of Business Information Systems

Improving CVSS-based vulnerability prioritization and response with context information

ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement

Quantitative analysis of information security interdependency between industrial sectors

ESEM '09 Proceedings of the 2009 3rd International Symposium on Empirical Software Engineering and Measurement

Particle swarm optimization approach for information security investment decision

CA '07 Proceedings of the Ninth IASTED International Conference on Control and Applications

Uncertainty in the weakest-link security game

GameNets'09 Proceedings of the First ICST international conference on Game Theory for Networks

On the Effectiveness of Privacy Breach Disclosure Legislation in Europe: Empirical Evidence from the US Stock Market

NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age

Information security in networked supply chains: impact of network vulnerability and supply chain integration on incentives to invest

Information Technology and Management

Risks and Benefits of Signaling Information System Characteristics to Strategic Attackers

Journal of Management Information Systems

Strategic games on defense trees

FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust

Business oriented information security management: a layered approach

OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II

References

Dependability metrics

Assurance for federated identity management

Journal of Computer Security - Digital Identity Management (DIM 2007)

Fuzzy economic decision-models for information security investment

IMCAS'10 Proceedings of the 9th WSEAS international conference on Instrumentation, measurement, circuits and systems

A risk-metric framework for enterprise risk management

IBM Journal of Research and Development

Using data envelopment analysis and decision trees for efficiency analysis and recommendation of B2C controls

Decision Support Systems

Information security investment decision-making based on fuzzy economics

WSEAS TRANSACTIONS on SYSTEMS

Can competitive insurers improve network security?

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing

A web-based multi-perspective decision support system for information security planning

Decision Support Systems

Metrics for characterizing the form of security policies

The Journal of Strategic Information Systems

Security metrics and security investment models

IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security

Firms' information security investment decisions: Stock market evidence of investors' behavior

Decision Support Systems

Optimal information security investment with penetration testing

GameSec'10 Proceedings of the First international conference on Decision and game theory for security

The impact of information security breaches: Has there been a downward shift in costs?

Journal of Computer Security

A simulation-driven approach for assessing risks of complex systems

EWDC '11 Proceedings of the 13th European Workshop on Dependable Computing

Risk-neutral evaluation of information security investment on data centers

Journal of Intelligent Information Systems

Market value of voluntary disclosures concerning information security

MIS Quarterly

The impact of malicious agents on the enterprise software industry

MIS Quarterly

Formal analysis of security metrics and risk

WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication

How bad are selfish investments in network security?

IEEE/ACM Transactions on Networking (TON)

Information systems resources and information security

Information Systems Frontiers

Assessing the risk of an information infrastructure through security dependencies

CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security

Did IT consulting firms gain when their clients were breached?

Computers in Human Behavior

Safeguard information infrastructure against DDoS attacks: experiments and modeling

CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security

On the limits of cyber-insurance

TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business

A theoretical model for the average impact of attacks on billing infrastructures

MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security

A learning-based approach to reactive security

FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security

When information improves information security

FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security

Are markets for vulnerabilities effective?

MIS Quarterly

Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements

International Journal of Information Management: The Journal for Information Professionals

Profit-maximizing firm investments in customer information security

Decision Support Systems

Managing the investment in information security technology by use of a quantitative modeling

Information Processing and Management: an International Journal

Institutional Influences on Information Systems Security Innovations

Information Systems Research

Explaining investors' reaction to internet security breach using deterrence theory

International Journal of Electronic Finance

Taking value-networks to the cloud services: security services, semantics and service level agreements

Information Systems and e-Business Management

Theorizing Information Security Success: Towards Secure E-Government

International Journal of Electronic Government Research

Quantification, Optimization and Uncertainty Modeling in Information Security Risks: A Matrix-Based Approach

Information Resources Management Journal

Hacker Behavior, Network Effects, and the Security Software Market

Journal of Management Information Systems

On identifying proper security mechanisms

ICT-EurAsia'13 Proceedings of the 2013 international conference on Information and Communication Technology

The economic impact of cyber terrorism

The Journal of Strategic Information Systems

A novel approach to evaluate software vulnerability prioritization

Journal of Systems and Software

How many attackers can selfish defenders catch?

Discrete Applied Mathematics

A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis

Information Sciences: an International Journal

The burden of proof and the optimal security investment of firms in ubiquitous computing

Personal and Ubiquitous Computing

Cyber-risk decision models: To insure IT or not?

Decision Support Systems

IT security auditing: A performance evaluation decision model

Decision Support Systems