Title: An economic model of investment in information security
Authors: Ye, Ruyi
Issue Date: 2004
Abstract: Information security is becoming an increasingly serious problem faced by many enterprises and organizations that perform part of their business processes via the Internet. It has been a hot topic among the industry and the academic community for many years. However, most of the research done in this field focuses on security technologies, while only a very small percentage of it focuses on the economics of investment in security.
Gordon and Loeb have put forth a simple but useful model to determine the optimal investment in security. They consider the investment made in preventive mechanisms, and derive that the optimal level of investment in information security should not exceed 37% of the expected loss caused by the vulnerability without any protection, for two classes of security breach probability functions: power function and exponential function.
Based on Gordon and Loeb's work, this thesis first relaxes the specific assumption of the functional form of the security breach probability function, and provides a more general result on the upper bound of optimal investment in security. Second, it introduces the hacker's response behavior and a detective mechanism, and as a result makes a more general and adaptive economic model of investment in information security. It is concluded that for an arbitrary form of security breach probability function, the optimal level of total investment made in both preventive and detective mechanisms should not exceed one half of the expected loss without any protection; and this upper bound still holds if the hacker's response behavior is integrated into the model. In addition, this thesis derives the circumstance under which the investment should be made in a detective mechanism for a better overall performance.
Key Words: Optimal security investment, Hacker's response behavior, Detective mechanism
Description: Thesis (M.Phil.)--Hong Kong University of Science and Technology, 2004
vii, 46 leaves : ill. ; 30 cm
HKUST Call Number: Thesis ISMT 2004 Ye
Appears in Collections: ISOM Master Theses
All items in this Repository are protected by copyright, with all rights reserved.