Economic valuation for information security investment: a systematic literature review
Author
Abstract
Suggested Citation
DOI: 10.1007/s10796-016-9648-8
Download full text from publisher
As the access to this document is restricted, you may want to search for a different version of it.
References listed on IDEAS
- Amanda Eisenga & Travis L. Jones & Walter Rodriguez, 2012. "Investing in IT Security: How to Determine the Maximum Threshold," International Journal of Information Security and Privacy (IJISP), IGI Global, vol. 6(3), pages 75-87, July.
- Hausken, Kjell, 2006. "Income, interdependence, and substitution effects affecting incentives for security investment," Journal of Accounting and Public Policy, Elsevier, vol. 25(6), pages 629-665.
- Cass R. Sunstein & Richard H. Thaler, 2003. "Libertarian paternalism is not an oxymoron," Conference Series ; [Proceedings], Federal Reserve Bank of Boston, vol. 48(Jun).
- Khansa, Lara & Liginlal, Divakaran, 2009. "Valuing the flexibility of investing in security process innovations," European Journal of Operational Research, Elsevier, vol. 192(1), pages 216-235, January.
- Lawrence Gordon & Martin Loeb & Tashfeen Sohail & Chih-Yang Tseng & Lei Zhou, 2008. "Cybersecurity, Capital Allocations and Management Control Systems," European Accounting Review, Taylor & Francis Journals, vol. 17(2), pages 215-241.
- Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
- Huang, C. Derrick & Behara, Ravi S., 2013. "Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints," International Journal of Production Economics, Elsevier, vol. 141(1), pages 255-268.
- R. H. Strotz, 1955. "Myopia and Inconsistency in Dynamic Utility Maximization," The Review of Economic Studies, Review of Economic Studies Ltd, vol. 23(3), pages 165-180.
- Maryam Alavi & John C. Henderson, 1981. "An Evolutionary Strategy for Implementing a Decision Support System," Management Science, INFORMS, vol. 27(11), pages 1309-1323, November.
- Richard H. Thaler & Cass R. Sunstein, 2023.
"Libertarian paternalism,"
Chapters, in: Cass R. Sunstein & Lucia A. Reisch (ed.), Research Handbook on Nudges and Society, chapter 1, pages 10-16,
Edward Elgar Publishing.
- Richard H. Thaler & Cass R. Sunstein, 2003. "Libertarian Paternalism," American Economic Review, American Economic Association, vol. 93(2), pages 175-179, May.
- Thomas L. Saaty, 1994. "How to Make a Decision: The Analytic Hierarchy Process," Interfaces, INFORMS, vol. 24(6), pages 19-43, December.
- Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William, 2003. "Sharing information on computer systems security: An economic analysis," Journal of Accounting and Public Policy, Elsevier, vol. 22(6), pages 461-485.
- Gordon, Lawrence A. & Loeb, Stephen E., 1982. "Accounting and public policy," Journal of Accounting and Public Policy, Elsevier, vol. 1(1), pages 1-3.
- Hausken, Kjell, 2007. "Information sharing among firms and cyber attacks," Journal of Accounting and Public Policy, Elsevier, vol. 26(6), pages 639-688.
Citations
Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
Cited by:
- Simon Trang & Benedikt Brendel, 2019. "A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research," Information Systems Frontiers, Springer, vol. 21(6), pages 1265-1284, December.
- Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
- Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 2021. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 23(3), pages 773-790, June.
- Martin Eling & Michael McShane & Trung Nguyen, 2021. "Cyber risk management: History and future research directions," Risk Management and Insurance Review, American Risk and Insurance Association, vol. 24(1), pages 93-125, March.
- David Rios Insua & Aitor Couce‐Vieira & Jose A. Rubio & Wolter Pieters & Katsiaryna Labunets & Daniel G. Rasines, 2021. "An Adversarial Risk Analysis Framework for Cybersecurity," Risk Analysis, John Wiley & Sons, vol. 41(1), pages 16-36, January.
- Blakely, Benjamin & Kurtenbach, Jim & Nowak, Lovila, 2022. "Exploring the information content of cyber breach reports and the relationship to internal controls," International Journal of Accounting Information Systems, Elsevier, vol. 46(C).
- Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 0. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 0, pages 1-18.
- Tejaswini C. Herath & Hemantha S. B. Herath & David Cullum, 2023. "An Information Security Performance Measurement Tool for Senior Managers: Balanced Scorecard Integration for Security Governance and Control Frameworks," Information Systems Frontiers, Springer, vol. 25(2), pages 681-721, April.
- Petar Radanliev & David Roure & Max Kleek & Uchenna Ani & Pete Burnap & Eirini Anthi & Jason R. C. Nurse & Omar Santos & Rafael Mantilla Montalvo & La’Treall Maddox, 2021. "Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems: cyber risk at the edge," Environment Systems and Decisions, Springer, vol. 41(2), pages 236-247, June.
- Martin (Dae Youp) Kang & Anat Hovav, 2020. "Benchmarking Methodology for Information Security Policy (BMISP): Artifact Development and Evaluation," Information Systems Frontiers, Springer, vol. 22(1), pages 221-242, February.
Most related items
These are the items that most often cite the same works as this one and are cited by the same works as this one.- Daniel Schatz & Rabih Bashroush, 0. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 0, pages 1-24.
- Xing Gao & Weijun Zhong & Shue Mei, 2014. "A game-theoretic analysis of information sharing and security investment for complementary firms," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 65(11), pages 1682-1691, November.
- Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2016. "Mandatory Standards and Organizational Information Security," Information Systems Research, INFORMS, vol. 27(1), pages 70-86, March.
- Xing Gao & Weijun Zhong, 2016. "A differential game approach to security investment and information sharing in a competitive environment," IISE Transactions, Taylor & Francis Journals, vol. 48(6), pages 511-526, June.
- Xinbao Liu & Xiaofei Qian & Jun Pei & Panos M. Pardalos, 2018. "Security investment and information sharing in the market of complementary firms: impact of complementarity degree and industry size," Journal of Global Optimization, Springer, vol. 70(2), pages 413-436, February.
- Yosra Miaoui & Noureddine Boudriga, 2019. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 21(2), pages 261-300, April.
- Xing Gao & Weijun Zhong & Shue Mei, 2015. "Security investment and information sharing under an alternative security breach probability function," Information Systems Frontiers, Springer, vol. 17(2), pages 423-438, April.
- Yosra Miaoui & Noureddine Boudriga, 0. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 0, pages 1-40.
- Levitin, Gregory & Hausken, Kjell & Taboada, Heidi A. & Coit, David W., 2012. "Data survivability vs. security in information systems," Reliability Engineering and System Safety, Elsevier, vol. 100(C), pages 19-27.
- Markus Haavio & Kaisa Kotakorpi, 2012.
"Sin Licenses Revisited,"
CESifo Working Paper Series
4010, CESifo.
- Markus Haavio and Kaisa Kotakorpi, 2012. "Sin Licenses Revisited," Discussion Papers 75, Aboa Centre for Economics.
- Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
- Guizhou Wang & Jonathan W. Welburn & Kjell Hausken, 2020. "A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling," Games, MDPI, vol. 11(4), pages 1-26, December.
- Maria Alessandra Antonelli & Valeria De Bonis & Angelo Castaldo & Alessandrao Gandolfo, 2022. "Sin goods taxation: an encompassing model," Public Finance Research Papers 52, Istituto di Economia e Finanza, DSGE, Sapienza University of Rome.
- Linda Thunström & Jonas Nordström & Jason F. Shogren & Mariah Ehmke & Klaas Veld, 2016.
"Strategic self-ignorance,"
Journal of Risk and Uncertainty, Springer, vol. 52(2), pages 117-136, April.
- Thunstrom, Linda & Nordstrom, Jonas & Shogren, Jason F. & Ehmke, Mariah D., 2012. "Strategic Self-Ignorance," 2012 Annual Meeting, August 12-14, 2012, Seattle, Washington 123949, Agricultural and Applied Economics Association.
- Thunström, Linda & Nordström, Jonas & Shogren, Jason F. & Ehmke, Mariah & van 't Veld, Klaas, 2013. "Strategic Self-Ignorance," Working Papers 2013:17, Lund University, Department of Economics.
- Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.
- Yu, Pei Cheng, 2020.
"Seemingly exploitative contracts,"
Journal of Economic Behavior & Organization, Elsevier, vol. 176(C), pages 299-320.
- Pei-Cheng Yu, 2018. "Seemingly Exploitative Contracts," Discussion Papers 2018-15, School of Economics, The University of New South Wales.
- Robert Sugden, 2015. "Consumers' surplus when individuals lack integrated preferences: A development of some ideas from Dupuit," The European Journal of the History of Economic Thought, Taylor & Francis Journals, vol. 22(6), pages 1042-1063, December.
- Matthias Uhl, 2011. "Do Self-Committers Mind Other-Imposed Commitment? An Experiment on Weak Paternalism," Rationality, Markets and Morals, Frankfurt School Verlag, Frankfurt School of Finance & Management, vol. 2(40), June.
- Meilin He & Laura Devine & Jun Zhuang, 2018. "Perspectives on Cybersecurity Information Sharing among Multiple Stakeholders Using a Decision‐Theoretic Approach," Risk Analysis, John Wiley & Sons, vol. 38(2), pages 215-225, February.
- Haavio, Markus & Kotakorpi, Kaisa, 2011.
"The political economy of sin taxes,"
European Economic Review, Elsevier, vol. 55(4), pages 575-594, May.
- Markus Haavio & Kaisa Kotakorpi, 2009. "The Political Economy of Sin Taxes," CESifo Working Paper Series 2650, CESifo.
More about this item
Keywords
Information systems; Information security; Econometrics; Return on security investment; Systematic literature review; Managerial risk accounting;All these keywords.
Statistics
Access and download statisticsCorrections
All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:19:y:2017:i:5:d:10.1007_s10796-016-9648-8. See general information about how to correct material in RePEc.
If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.
If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .
If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.
For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .
Please note that corrections may take a couple of weeks to filter through the various RePEc services.