Network externalities, layered protection and IT security risk management

Authors:
Wei T. Yue;Metin Çakanyıldırım;Young U. Ryu;Dengpan Liu
Affiliations:
Department of Information Systems and Operations Management, School of Management, The University of Texas at Dallas, Richardson, Texas 75083-0688, USA;Department of Information Systems and Operations Management, School of Management, The University of Texas at Dallas, Richardson, Texas 75083-0688, USA;Department of Information Systems and Operations Management, School of Management, The University of Texas at Dallas, Richardson, Texas 75083-0688, USA;Department of Economics and Information Systems, College of Administrative Science, University of Alabama in Huntsville, AL 35899, USA
Venue:
Decision Support Systems
Year:
2007

Citing 17
Cited 9

A stochastic dominance approach to risk analysis of computer systems

MIS Quarterly
Principles and procedures of the LRAM approach to information systems risk anaylsis and management

Computers and Security
TOPM: a formal approach to the optimization of information technology risk management

Computers and Security
Controlling prototype development through risk analysis

MIS Quarterly
Coping with systems risk: security planning models for management decision making

MIS Quarterly
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security

IEEE Transactions on Software Engineering
The economics of information security investment

ACM Transactions on Information and System Security (TISSEC)
Managing Information Security Risks: The Octave Approach

Managing Information Security Risks: The Octave Approach
Attention Shaping and Software Risk-A Categorical Analysis of Four Classical Risk Management Approaches

Information Systems Research
Two Formal Analys s of Attack Graphs

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
A Decision Analysis Method for Evaluating Computer Intrusion Detection Systems

Decision Analysis
Management of Information Security

Management of Information Security
Information assurance metric development framework for electronic bill presentment and payment systems using transaction and workflow analysis

Decision Support Systems
Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach

Decision Support Systems - Special issue: Intelligence and security informatics
Evaluating information assurance strategies

Decision Support Systems
Corporate Computer and Network Security

Corporate Computer and Network Security
Configuration of Detection Software: A Comparison of Decision and Game Theory Approaches

Decision Analysis

Building secure e-business systems: technology and culture in the UAE

Proceedings of the 2008 ACM symposium on Applied computing
Locking the door but leaving the computer vulnerable: Factors inhibiting home users' adoption of software firewalls

Decision Support Systems
Studying users' computer security behavior: A health belief perspective

Decision Support Systems
Identifying disgruntled employee systems fraud risk through text mining: A simple solution for a multi-billion dollar problem

Decision Support Systems
A web-based multi-perspective decision support system for information security planning

Decision Support Systems
Platform-based information goods: The economics of exclusivity

Decision Support Systems
Maximising resource allocation effectiveness for IT security investments

International Journal of Business Information Systems
Knowledge sharing and investment decisions in information security

Decision Support Systems
A security risk analysis model for information systems: Causal relationships of risk factors and vulnerability propagation analysis

Information Sciences: an International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper considers two important issues related to security risk management. First, the presence of network externalities in security risks. Second, the distinction of general (network) and system-specific protection measures. We found the optimal allocation of security resources (investments) in protecting every system in an organization. The results show that the consideration of network externalities and layered protection changes the risk mitigation decisions significantly. In addition, accurate estimation of system risk plays a critical role in the success of risk management. Otherwise, the use of a uniform baseline protection approach may be more desirable when the misjudgment of relative system risks is likely to occur.