IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v16y2014i2d10.1007_s10796-012-9390-9.html
   My bibliography  Save this article

Returns to information security investment: Endogenizing the expected loss

Author

Listed:
  • Kjell Hausken

    (University of Stavanger)

Abstract

This paper endogenizes the value of an information set which has to be produced and protected. The profit is inverse U shaped in security investment and production effort. The breach probability is commonly assumed to decrease convexly in security investment, which means that modest security investment is sufficient to deter most perpetrators. We allow the breach probability to be not only convex, but concave, which means that substantial security investment is needed to deter most perpetrators. Convexity versus concavity depends on the security environment, perpetrators, technology, and law enforcement. A firm strikes a balance between producing and protecting an information set dependent on seven model parameters for production, protection, convexity, concavity, vulnerability, and resource strength.

Suggested Citation

  • Kjell Hausken, 2014. "Returns to information security investment: Endogenizing the expected loss," Information Systems Frontiers, Springer, vol. 16(2), pages 329-336, April.
    • Handle: RePEc:spr:infosf:v:16:y:2014:i:2:d:10.1007_s10796-012-9390-9
    DOI: 10.1007/s10796-012-9390-9
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-012-9390-9
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-012-9390-9?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Kjell Hausken, 2005. "Production and Conflict Models Versus Rent-Seeking Models," Public Choice, Springer, vol. 123(1), pages 59-93, April.
    2. Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Guizhou Wang & Jonathan W. Welburn & Kjell Hausken, 2020. "A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling," Games, MDPI, vol. 11(4), pages 1-26, December.
    2. David Iliaev & Sigal Oren & Ella Segev, 2023. "A Tullock-contest-based approach for cyber security investments," Annals of Operations Research, Springer, vol. 320(1), pages 61-84, January.
    3. Saini Das & Arunabha Mukhopadhyay & Debashis Saha & Samir Sadhukhan, 2019. "A Markov-Based Model for Information Security Risk Assessment in Healthcare MANETs," Information Systems Frontiers, Springer, vol. 21(5), pages 959-977, October.
    4. Kjell Hausken & Jonathan W. Welburn, 2021. "Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits," Information Systems Frontiers, Springer, vol. 23(6), pages 1609-1620, December.
    5. Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.
    6. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    7. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 0. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 0, pages 1-18.
    8. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    9. Yosra Miaoui & Noureddine Boudriga, 0. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 0, pages 1-40.
    10. Tung-Hsien Wu & Shi-Ming Huang & Shaio Yan Huang & David C. Yen, 0. "The effect of competencies, team problem-solving ability, and computer audit activity on internal audit performance," Information Systems Frontiers, Springer, vol. 0, pages 1-16.
    11. Yosra Miaoui & Noureddine Boudriga, 2019. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 21(2), pages 261-300, April.
    12. Feng Xu & Xin (Robert) Luo & Hongyun Zhang & Shan Liu & Wei (Wayne) Huang, 2019. "Do Strategy and Timing in IT Security Investments Matter? An Empirical Investigation of the Alignment Effect," Information Systems Frontiers, Springer, vol. 21(5), pages 1069-1083, October.
    13. Chenglong Zhang & Nan Feng & Jianjian Chen & Dahui Li & Minqiang Li, 2021. "Outsourcing Strategies for Information Security: Correlated Losses and Security Externalities," Information Systems Frontiers, Springer, vol. 23(3), pages 773-790, June.
    14. Tung-Hsien Wu & Shi-Ming Huang & Shaio Yan Huang & David C. Yen, 2017. "The effect of competencies, team problem-solving ability, and computer audit activity on internal audit performance," Information Systems Frontiers, Springer, vol. 19(5), pages 1133-1148, October.
    15. Mahmud Akhter Shareef & Vinod Kumar & Yogesh K. Dwivedi & Uma Kumar, 2016. "Service delivery through mobile-government (mGov): Driving factors and cultural impacts," Information Systems Frontiers, Springer, vol. 18(2), pages 315-332, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Levitin, Gregory & Hausken, Kjell, 2009. "False targets vs. redundancy in homogeneous parallel systems," Reliability Engineering and System Safety, Elsevier, vol. 94(2), pages 588-595.
    2. Song, Jian & Houser, Daniel, 2021. "Non-exclusive group contests: An experimental analysis," Journal of Economic Psychology, Elsevier, vol. 87(C).
    3. Levitin, Gregory & Hausken, Kjell, 2009. "Intelligence and impact contests in systems with redundancy, false targets, and partial protection," Reliability Engineering and System Safety, Elsevier, vol. 94(12), pages 1927-1941.
    4. Kjell Hausken & Jun Zhuang, 2011. "Governments' and Terrorists' Defense and Attack in a T -Period Game," Decision Analysis, INFORMS, vol. 8(1), pages 46-70, March.
    5. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    6. Guizhou Wang & Jonathan W. Welburn & Kjell Hausken, 2020. "A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling," Games, MDPI, vol. 11(4), pages 1-26, December.
    7. Anna Nagurney & Ladimer Nagurney, 2015. "A game theory model of cybersecurity investments with information asymmetry," Netnomics, Springer, vol. 16(1), pages 127-148, August.
    8. Seyed Alireza Hasheminasab & Behrouz Tork Ladani, 2018. "Security Investment in Contagious Networks," Risk Analysis, John Wiley & Sons, vol. 38(8), pages 1559-1575, August.
    9. K Hausken & G Levitin, 2010. "Defence of homogeneous parallel multi-state systems subject to two sequential attacks," Journal of Risk and Reliability, , vol. 224(3), pages 171-183, September.
    10. Send, Jonas, 2020. "Conflict between non-exclusive groups," Journal of Economic Behavior & Organization, Elsevier, vol. 177(C), pages 858-874.
    11. David K Levine & Salvatore Modica, 2022. "Survival of the Weakest: Why the West Rules," Levine's Working Paper Archive 786969000000001458, David K. Levine.
    12. Levine, David K. & Modica, Salvatore, 2022. "Survival of the Weakest: Why the West Rules," Journal of Economic Behavior & Organization, Elsevier, vol. 204(C), pages 394-421.
    13. Amitava Dutta & Rahul Roy, 2008. "Dynamics of organizational information security," System Dynamics Review, System Dynamics Society, vol. 24(3), pages 349-375, September.
    14. Levitin, Gregory & Hausken, Kjell, 2008. "Protection vs. redundancy in homogeneous parallel systems," Reliability Engineering and System Safety, Elsevier, vol. 93(10), pages 1444-1451.
    15. Gries, Thomas & Haake, Claus-Jochen, 2016. "An Economic Theory of 'Destabilization War' '- Compromise for Peace versus Conventional, Guerilla, or Terrorist Warfare," VfS Annual Conference 2016 (Augsburg): Demographic Change 145617, Verein für Socialpolitik / German Economic Association.
    16. Bin Srinidhi & Jia Yan & Giri Kumar Tayi, 2008. "Firm-level Resource Allocation to Information Security in the Presence of Financial Distress," Working Papers 2008-17, School of Economic Sciences, Washington State University.
    17. Kjell Hausken & Andreas Ortmann, 2007. "A first experimental test of multilevel game theory: the PD case," Applied Economics Letters, Taylor & Francis Journals, vol. 15(4), pages 261-264.
    18. Jaume Belles‐Sampera & Montserrat Guillén & Miguel Santolino, 2014. "Beyond Value‐at‐Risk: GlueVaR Distortion Risk Measures," Risk Analysis, John Wiley & Sons, vol. 34(1), pages 121-134, January.
    19. Indraneel Dasgupta & Ranajoy Guha Neogi, 2018. "Between-group contests over group-specific public goods with within-group fragmentation," Public Choice, Springer, vol. 174(3), pages 315-334, March.
    20. Levitin, Gregory & Hausken, Kjell & Taboada, Heidi A. & Coit, David W., 2012. "Data survivability vs. security in information systems," Reliability Engineering and System Safety, Elsevier, vol. 100(C), pages 19-27.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:16:y:2014:i:2:d:10.1007_s10796-012-9390-9. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.