
2009 | OriginalPaper | Chapter

5. Productivity Space of Information Security in an Extension of the Gordon-Loeb’s Investment Model

Author: Kanta Matsuura

Published in: Managing Information Risk and the Economics of Security

Publisher: Springer US


Abstract

Information security engineers provide some countermeasures so that attacks will fail. This is vulnerability reduction. In addition, they provide other countermeasures so that attacks will not occur. This is threat reduction. In order to study how the optimal investment for information security is influenced by these reductions, this chapter introduces a productivity space of information security. In the same manner as in the Gordon-Loeb model, where vulnerability reduction is only considered, I suppose a productivity of information security characterizes economic effects of information security investment. In particular, I consider a productivity regarding threat reduction as well as a productivity regarding vulnerability reduction, and investigate a two-dimensional space formed by the two productivities. The investigation shows that the productivity space is divided into three areas: the no-investment area where both the productivities are low, the mid-vulnerability intensive area where the vulnerability reduction productivity is high but the threat reduction productivity is low, and the high-vulnerability intensive area where the threat reduction productivity is high.


DOI: https://doi.org/10.1007/978-0-387-09762-6_5
