
2009 | OriginalPaper | Book chapter

5. Productivity Space of Information Security in an Extension of the Gordon-Loeb’s Investment Model

Written by: Kanta Matsuura

Published in: Managing Information Risk and the Economics of Security

Publisher: Springer US


Abstract

Information security engineers provide some countermeasures so that attacks will fail. This is vulnerability reduction. In addition, they provide other countermeasures so that attacks will not occur. This is threat reduction. In order to study how the optimal investment for information security is influenced by these reductions, this chapter introduces a productivity space of information security. In the same manner as in the Gordon-Loeb model, where vulnerability reduction is only considered, I suppose a productivity of information security characterizes economic effects of information security investment. In particular, I consider a productivity regarding threat reduction as well as a productivity regarding vulnerability reduction, and investigate a two-dimensional space formed by the two productivities. The investigation shows that the productivity space is divided into three areas: the no-investment area where both the productivities are low, the mid-vulnerability intensive area where the vulnerability reduction productivity is high but the threat reduction productivity is low, and the high-vulnerability intensive area where the threat reduction productivity is high.

Metadata
Title
Productivity Space of Information Security in an Extension of the Gordon-Loeb’s Investment Model
Written by
Kanta Matsuura
Copyright year
2009
Publisher
Springer US
DOI
https://doi.org/10.1007/978-0-387-09762-6_5
