A Layered Decision Model for cost-effective system security
International Journal of Information and Computer Security
Intrusion Prevention in Information Systems: Reactive and Proactive Responses
Journal of Management Information Systems
Understanding the Value of Countermeasure Portfolios in Information Systems Security
Journal of Management Information Systems
Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment
Journal of Management Information Systems
Choice and Chance: A Conceptual Model of Paths to Information Security Compromise
Information Systems Research
Investments in Information Security: A Real Options Perspective with Bayesian Postaudit
Journal of Management Information Systems
A Deployment Value Model for Intrusion Detection Sensors
ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance
Constructing an ARP attack detection system with SNMP traffic data mining
Proceedings of the 11th International Conference on Electronic Commerce
Information Security: Facilitating User Precautions Vis-à-Vis Enforcement Against Attackers
Journal of Management Information Systems
Information security investment decisions: evaluating the Balanced Scorecard method
International Journal of Business Information Systems
Toward user patterns for online security: Observation time and online user identification
Decision Support Systems
Risks and Benefits of Signaling Information System Characteristics to Strategic Attackers
Journal of Management Information Systems
An Analysis of the Impact of Passenger Profiling for Transportation Security
Operations Research
Security metrics and security investment models
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Detecting complex account fraud in the enterprise: The role of technical and non-technical controls
Decision Support Systems
Optimal information security investment with penetration testing
GameSec'10 Proceedings of the First international conference on Decision and game theory for security
Security interdependencies for networked control systems with identical agents
GameSec'10 Proceedings of the First international conference on Decision and game theory for security
Information systems resources and information security
Information Systems Frontiers
Are markets for vulnerabilities effective?
MIS Quarterly
Institutional Influences on Information Systems Security Innovations
Information Systems Research
Security of interdependent and identical networked control systems
Automatica (Journal of IFAC)
Information Systems and e-Business Management
Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits
ACM Transactions on Management Information Systems (TMIS) - Special Issue on Informatics for Smart Health and Wellbeing
IT security auditing: A performance evaluation decision model
Decision Support Systems
Hi-index | 0.00 |
The increasing significance of information technology (IT) security to firms is evident from their growing IT security budgets. Firms rely on security technologies such as firewalls and intrusion detection systems (IDSs) to manage IT security risks. Although the literature on the technical aspects of IT security is proliferating, a debate exists in the IT security community about the value of these technologies. In this paper, we seek to assess the value of IDSs in a firm's IT security architecture. We find that the IDS configuration, represented by detection (true positive) and false alarm (false positive) rates, determines whether a firm realizes a positive or negative value from the IDS. Specifically, we show that a firm realizes a positive value from an IDS only when the detection rate is higher than a critical value, which is determined by the hacker's benefit and cost parameters. When the firm realizes a positive (negative) value, the IDS deters (sustains) hackers. However, irrespective of whether the firm realizes a positive or negative value from the IDS, the IDS enables the firm to better target its investigation of users, while keeping the detection rate the same. Our results suggest that the positive value of an IDS results not from improved detection per se, but from an increased deterrence enabled by improved detection. Finally, we show that the firm realizes a strictly nonnegative value if the firm configures the IDS optimally based on the hacking environment.