Please use this identifier to cite or link to this item: http://hdl.handle.net/1783.1/5020
Title: An economic model of investment in information security
Authors: Ye, Ruyi
Issue Date: 2004
Abstract: Information security is becoming an increasingly serious problem faced by many enterprises and organizations that perform part of their business processes via the Internet. It has been a hot topic among the industry and the academic community for many years. However, most of the research done in this field focuses on security technologies, while only a very small percentage of it focuses on the economics of investment in security. Gordon and Loeb [1] have put forth a simple but useful model to determine the optimal investment in security. They consider the investment made in preventive mechanisms, and derive that the optimal level of investment in information security should not exceed 37% of the expected loss caused by the vulnerability without any protection, for two classes of security breach probability functions: power function and exponential function. Based on Gordon and Loeb's work, this thesis first relaxes the specific assumption of the functional form of the security breach probability function, and provides a more general result on the upper bound of optimal investment in security. Second, it introduces the hacker's response behavior and a detective mechanism, and as a result makes a more general and adaptive economic model of investment in information security. It is concluded that for an arbitrary form of security breach probability function, the optimal level of total investment made in both preventive and detective mechanisms should not exceed one half of the expected loss without any protection; and this upper bound still holds if the hacker's response behavior is integrated into the model. In addition, this thesis derives the circumstance under which the investment should be made in a detective mechanism for a better overall performance.
Key Words: Optimal security investment, Hacker's response behavior, Detective mechanism
Description: Thesis (M.Phil.)--Hong Kong University of Science and Technology, 2004
vii, 46 leaves : ill. ; 30 cm
HKUST Call Number: Thesis ISMT 2004 Ye
URI: http://hdl.handle.net/1783.1/5020
Appears in Collections: ISOM Master Theses

All items in this Repository are protected by copyright, with all rights reserved.