IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v16y2014i2d10.1007_s10796-012-9390-9.html
   My bibliography  Save this article

Returns to information security investment: Endogenizing the expected loss

Author

Listed:
  • Kjell Hausken

    (University of Stavanger)

Abstract

This paper endogenizes the value of an information set which has to be produced and protected. The profit is inverse U shaped in security investment and production effort. The breach probability is commonly assumed to decrease convexly in security investment, which means that modest security investment is sufficient to deter most perpetrators. We allow the breach probability to be not only convex, but concave, which means that substantial security investment is needed to deter most perpetrators. Convexity versus concavity depends on the security environment, perpetrators, technology, and law enforcement. A firm strikes a balance between producing and protecting an information set dependent on seven model parameters for production, protection, convexity, concavity, vulnerability, and resource strength.

Suggested Citation

  • Kjell Hausken, 2014. "Returns to information security investment: Endogenizing the expected loss," Information Systems Frontiers, Springer, vol. 16(2), pages 329-336, April.
    • Handle: RePEc:spr:infosf:v:16:y:2014:i:2:d:10.1007_s10796-012-9390-9
    DOI: 10.1007/s10796-012-9390-9
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-012-9390-9
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-012-9390-9?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
    2. Kjell Hausken, 2005. "Production and Conflict Models Versus Rent-Seeking Models," Public Choice, Springer, vol. 123(1), pages 59-93, April.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Saini Das & Arunabha Mukhopadhyay & Debashis Saha & Samir Sadhukhan, 2019. "A Markov-Based Model for Information Security Risk Assessment in Healthcare MANETs," Information Systems Frontiers, Springer, vol. 21(5), pages 959-977, October.
    2. Kjell Hausken & Jonathan W. Welburn, 2021. "Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits," Information Systems Frontiers, Springer, vol. 23(6), pages 1609-1620, December.
    3. Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.
    4. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    5. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    6. Yosra Miaoui & Noureddine Boudriga, 2019. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 21(2), pages 261-300, April.
    7. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 2021. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 23(3), pages 773-790, June.
    8. Tung-Hsien Wu & Shi-Ming Huang & Shaio Yan Huang & David C. Yen, 2017. "The effect of competencies, team problem-solving ability, and computer audit activity on internal audit performance," Information Systems Frontiers, Springer, vol. 19(5), pages 1133-1148, October.
    9. Mahmud Akhter Shareef & Vinod Kumar & Yogesh K. Dwivedi & Uma Kumar, 2016. "Service delivery through mobile-government (mGov): Driving factors and cultural impacts," Information Systems Frontiers, Springer, vol. 18(2), pages 315-332, April.
    10. Guizhou Wang & Jonathan W. Welburn & Kjell Hausken, 2020. "A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling," Games, MDPI, vol. 11(4), pages 1-26, December.
    11. David Iliaev & Sigal Oren & Ella Segev, 2023. "A Tullock-contest-based approach for cyber security investments," Annals of Operations Research, Springer, vol. 320(1), pages 61-84, January.
    12. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 0. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 0, pages 1-18.
    13. Yosra Miaoui & Noureddine Boudriga, 0. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 0, pages 1-40.
    14. Tung-Hsien Wu & Shi-Ming Huang & Shaio Yan Huang & David C. Yen, 0. "The effect of competencies, team problem-solving ability, and computer audit activity on internal audit performance," Information Systems Frontiers, Springer, vol. 0, pages 1-16.
    15. Feng Xu & Xin (Robert) Luo & Hongyun Zhang & Shan Liu & Wei (Wayne) Huang, 2019. "Do Strategy and Timing in IT Security Investments Matter? An Empirical Investigation of the Alignment Effect," Information Systems Frontiers, Springer, vol. 21(5), pages 1069-1083, October.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Levitin, Gregory & Hausken, Kjell, 2009. "Intelligence and impact contests in systems with redundancy, false targets, and partial protection," Reliability Engineering and System Safety, Elsevier, vol. 94(12), pages 1927-1941.
    2. Kjell Hausken & Jun Zhuang, 2011. "Governments' and Terrorists' Defense and Attack in a T -Period Game," Decision Analysis, INFORMS, vol. 8(1), pages 46-70, March.
    3. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    4. Guizhou Wang & Jonathan W. Welburn & Kjell Hausken, 2020. "A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling," Games, MDPI, vol. 11(4), pages 1-26, December.
    5. David K Levine & Salvatore Modica, 2022. "Survival of the Weakest: Why the West Rules," Levine's Working Paper Archive 786969000000001458, David K. Levine.
    6. Levine, David K. & Modica, Salvatore, 2022. "Survival of the Weakest: Why the West Rules," Journal of Economic Behavior & Organization, Elsevier, vol. 204(C), pages 394-421.
    7. Bin Srinidhi & Jia Yan & Giri Kumar Tayi, 2008. "Firm-level Resource Allocation to Information Security in the Presence of Financial Distress," Working Papers 2008-17, School of Economic Sciences, Washington State University.
    8. Jaume Belles‐Sampera & Montserrat Guillén & Miguel Santolino, 2014. "Beyond Value‐at‐Risk: GlueVaR Distortion Risk Measures," Risk Analysis, John Wiley & Sons, vol. 34(1), pages 121-134, January.
    9. Bricha, Naji & Nourelfath, Mustapha, 2014. "Extra-capacity versus protection for supply networks under attack," Reliability Engineering and System Safety, Elsevier, vol. 131(C), pages 185-196.
    10. Adam Behrendt & Vineet M. Payyappalli & Jun Zhuang, 2019. "Modeling the Cost Effectiveness of Fire Protection Resource Allocation in the United States: Models and a 1980–2014 Case Study," Risk Analysis, John Wiley & Sons, vol. 39(6), pages 1358-1381, June.
    11. K Hausken & G Levitin, 2009. "Parallel systems with different types of defence resource expenditure under two sequential attacks," Journal of Risk and Reliability, , vol. 223(1), pages 71-85, March.
    12. Xiao, Hui & Shi, Daimin & Ding, Yi & Peng, Rui, 2016. "Optimal loading and protection of multi-state systems considering performance sharing mechanism," Reliability Engineering and System Safety, Elsevier, vol. 149(C), pages 88-95.
    13. Galindo-Silva Hector, 2021. "Conflict Externalization and the Quest for Peace: Theory and Case Evidence from Colombia," Peace Economics, Peace Science, and Public Policy, De Gruyter, vol. 27(1), pages 29-50, February.
    14. Linda J. Tallau & Manish Gupta & Raj Sharman, 2010. "Information security investment decisions: evaluating the Balanced Scorecard method," International Journal of Business Information Systems, Inderscience Enterprises Ltd, vol. 5(1), pages 34-57.
    15. Song, Jian & Houser, Daniel, 2021. "Non-exclusive group contests: An experimental analysis," Journal of Economic Psychology, Elsevier, vol. 87(C).
    16. Aniruddha Bagchi & Tridib Bandyopadhyay, 2018. "Role of Intelligence Inputs in Defending Against Cyber Warfare and Cyberterrorism," Decision Analysis, INFORMS, vol. 15(3), pages 174-193, September.
    17. Lu Xu & Yanhui Li & Qi Yao, 2022. "Information security investment and purchase decision for personalized products," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(6), pages 2619-2635, September.
    18. David K Levine & Salvatore Modica, 2013. "Conflict, Evolution, Hegemony, and the Power of the State," Levine's Working Paper Archive 786969000000000692, David K. Levine.
    19. Raul Caruso, 2008. "Reciprocity in the shadow of threat," International Review of Economics, Springer;Happiness Economics and Interpersonal Relations (HEIRS), vol. 55(1), pages 91-111, April.
    20. Alex Coram, 2006. "An asymmetric dynamic struggle between pirates and producers," UMASS Amherst Economics Working Papers 2006-07, University of Massachusetts Amherst, Department of Economics.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:16:y:2014:i:2:d:10.1007_s10796-012-9390-9. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.