We consider the security maintenance of information systems where the extent of vulnerability is partially observable. However, the exact extent of the vulnerability can be observed by paying an inspection fee. In each period, the decision‐maker needs to take one of three decisions: (i) do nothing, (ii) inspect and implement (fix the vulnerability) if needed, and (iii) directly implement. We prove that the optimal policy follows a threshold structure. For each value of k (the known vulnerability), there are two thresholds for the partial information: the lower of the two thresholds dictates whether for this value of k, inspection is optimal before a possible implementation or whether direct implementation (i.e., without inspection) is optimal. If inspection is done, another threshold determines whether an implementation is done or not. If neither threshold applies, it is optimal to do nothing. We develop a numerical procedure to find the decision variables in the maintenance policy. We extend the main model to include variable implementation and inspection costs. The optimality of the threshold policy is shown to hold under more general settings.We apply the model to a real‐world problem and demonstrate its applicability and value in managing security systems. Here, we study the security maintenance policies for three different real‐world telecommunications operators and find that these operators can significantly reduce the cost of managing their security by adopting our proposed policy. Another finding is that inspection is more beneficial for medium‐sized to large‐sized operators.
T oday, software supports many important tasks in a variety of industries. In the specialized nature of these environments, a common problem faced by software vendors is to correctly signal the true value of a software product to the end users. For example, telecommunications equipment manufacturers design complex software for important functions like provisioning new users in the network. These software products automate various functions that would otherwise need to be done manually. In order to enable potential customers-telecommunications providers-to evaluate and recognize the full value of the product, equipment vendors often provide a free, feature-limited version of the product to the customer. As the specific features included in the feature-limited version influence whether the full product is purchased or not, it is essential that the features included in the feature-limited version be selected judiciously. While the importance of identifying the best set of features has been well recognized, there has been little research to date that systematically addresses this fundamental business decision. This study fills this gap in the literature by providing an objective approach to the design of demonstration software. We illustrate the benefits of our approach through a case study involving the design of a feature-limited demo for a wireless telecommunications equipment manufacturer.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.