An analysis on effects of information security investments: a BSC perspective

Kong, Hee-Kyung; Kim, Taesung; Kim, Jungduk

doi:10.1007/s10845-010-0402-7

Cited by 27 publications

(22 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Then, they presented some advisable methods for investing in IT security. Within the changing corporate business environment, Kong et al (2012) analyzed the information security investment strategies and performance from a balanced score card perspective by considering the characteristics of information security investment. Bojanc et al (2012) proposed a mathematical model to optimize the information security investment evaluation and decision-making processes.…”

Section: Literature Reviewmentioning

confidence: 99%

A game-theoretic analysis of information security investment for multiple firms in a network

Qian

Liu

Pei

et al. 2017

Journal of the Operational Research Society

View full text Add to dashboard Cite

The application of Internet of Things promotes the cooperation among firms, and it also introduces some information security issues. Due to the vulnerability of the communication network, firms need to invest in information security technologies to protect their confidential information. In this paper, considering the multiple-step propagation of a security breach in a fully connected network, an information security investment game among n firms is investigated. We make meticulous theoretic and experimental analyses on both the Nash equilibrium solution and the optimal solution. The results show that a larger network size (n) or a larger one-step propagation probability (q) has a negative effect on the Nash equilibrium investment. The optimal investment does not necessarily increase in n or q, and its variation trend depends on the concrete conditions. A compensation mechanism is proposed to encourage firms to coordinate their strategies and invest a higher amount equal to the optimal investment when they make decisions individually. At last, our model is extended by considering another direct breach probability function and another network structure, respectively. We find that a higher connection density of the network will result in a greater expected cost for each firm.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

A game-theoretic analysis of information security investment for multiple firms in a network

Qian

Liu

Pei

et al. 2017

Journal of the Operational Research Society

View full text Add to dashboard Cite

show abstract

“…This is because, as the biggest barrier to the efficiency of information security, an organization regards information security activities not as an investment but as a cost. The members of an organization have neither the proper awareness nor share the necessity of information security activities, instead regarding information security activities as little more than troublesome, inconvenient procedures, thereby failing to be motivated to conduct information protection activities [5]. Regarding the goal and necessity of the adoption and management of information technologies, the members of an organization have a high awareness of such necessity and performance, but a low awareness of the necessity of the corresponding investment, thereby they fail to facilitate such activities.…”

Section: Theoretical Background 1 Previous Researches Related Tomentioning

confidence: 99%

Information Security and Organizational Performance: Empirical Study of Korean Securities Industry

Kong¹,

Jung²,

Lee³

et al. 2015

ETRI J

View full text Add to dashboard Cite

This study was conducted to analyze the effect of information security activities on organizational performance. With this in mind and with the aim of resolving transaction stability in the securities industry, using an organization's security activities as a tool for carrying out information security activities, the effect of security activities on organizational performance was analyzed. Under the assumption that the effectiveness of information security activities can be bolstered to enhance organizational performance, such effects were analyzed based on Herzberg's motivation theory, which is one of the motivation theories that may influence information protection activities. To measure the actual attributes of the theoretical model, an empirical survey of the securities industry was conducted. In this explorative study, the proposed model was verified using partial least squares as a structural equation model consisting of IT service, information security, information sharing, transaction stability, and organizational performance.

show abstract

“…Solving (9), we obtain that     for four cases in Table 1. 10 shows the average cost in (8). In Fig.…”

Section: Exponential Distributionmentioning

confidence: 99%

“…Bodin et al showed how a chief information security officer can apply the analytic hierarchy process (AHP) to determine the best way to spend a limited information security budget [7] . Kong et al evaluated information security investments from a BSC perspective [8] .…”

mentioning

confidence: 99%

Analysis on Operation of Anti-Virus Systems with Real-Time Scan and Batch Scan

Yang¹,

Kim

2013

The Journal of Korean Institute of Communications and Informati

Self Cite

View full text Add to dashboard Cite

We consider an information system where viruses arrive according to a Poisson process with rate λ. The information system has two types of anti-virus operation policies including 'real-time scan' and 'batch scan.' In the real-time scan policy, a virus is assumed to be scanned immediately after its arrival. Consequently, the real-time scan policy assumes infinite number of anti-viruses. We assume that the time for scanning and curing a virus follows a general distribution. In the batch scan policy, a system manager operates an anti-virus every deterministic time interval and scan and cure all the viruses remaining in the system simultaneously. In this paper we suggest a probability model for the operation of anti-virus software. We derive a condition under which the operating policy is achieved. Some numerical examples with various cost structure are given to illustrate the results.※ 이 논문은 2013년도 한남대학교 교비학술연구조성비 지원에 의하여 연구되었음.First Author：한남대학교 경영학과,

show abstract

An analysis on effects of information security investments: a BSC perspective

Cited by 27 publications

References 25 publications

A game-theoretic analysis of information security investment for multiple firms in a network

A game-theoretic analysis of information security investment for multiple firms in a network

Information Security and Organizational Performance: Empirical Study of Korean Securities Industry

Analysis on Operation of Anti-Virus Systems with Real-Time Scan and Batch Scan

Contact Info

Product

Resources

About