Information security investments: An exploratory multiple case study on decision-making, evaluation and learning

Weishäupl, Eva; Yasasin, Emrah; Schryen, Guido

doi:10.1016/j.cose.2018.02.001

Cited by 43 publications

(21 citation statements)

References 94 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Effective investments in IT [35,36], and in information security in particular [22,[37][38][39][40], have long been topics of interest in both academic and industry circles. In general, by allocating resources to cybersecurity capabilities, managers can not only effectively reduce potential losses due to cyberattacks, but also improve overall performance of their operations [22].…”

Section: Theoretical Backgroundmentioning

confidence: 99%

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

2017

View full text Add to dashboard Cite

Abstract:We developed a simulation game to study how well decision makers understand two fundamental aspects of complexity in cybersecurity: potential delays in building capabilities, and uncertainties in predicting cyber-incidents. Analyzing 1,479 simulation runs, we compared the performances of a group of experienced professionals to an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects. Both groups also exhibited similar errors when dealing with the uncertainty of cyber-incidents. Our findings highlight the importance of training for decision-makers, and lay the groundwork for future research in uncovering mental biases about the complexities of cybersecurity.

show abstract

Section: Theoretical Backgroundmentioning

confidence: 99%

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

2017

View full text Add to dashboard Cite

show abstract

“…The theoretical aspects of mathematical support for decision-making in the course of choosing a rational strategy for investing in IS are considered in [17,18]. However, these works do not describe the software implementation of those models.…”

Section: Literature Review and Problem Statementmentioning

confidence: 99%

Development of a model for choosing strategies for investing in information security

Lakhno

Malyukov

Akhmetov

et al. 2021

EEJET

View full text Add to dashboard Cite

This paper has proposed a model of the computational core for the decision support system (DSS) when investing in the projects of information security (IS) of the objects of informatization (OBI). Including those OBI that can be categorized as critically important. Unlike existing solutions, the proposed model deals with decision-making issues in the ongoing process of investing in the projects to ensure the OBI IS by a group of investors. The calculations were based on the bilinear differential quality games with several terminal surfaces. Finding a solution to these games is a big challenge. It is due to the fact that the Cauchy formula for bilinear systems with arbitrary strategies of players, including immeasurable functions, cannot be applied in such games. This gives grounds to continue research on finding solutions in the event of a conflict of multidimensional objects. The result was an analytical solution based on a new class of bilinear differential games. The solution describes the interaction of objects investing in OBI IS in multidimensional spaces. The modular software product "Cybersecurity Invest decision support system " (Ukraine) for the Windows platform is described. Applied aspects of visualization of the results of calculations obtained with the help of DSS have been also considered. The Plotly library for the Python algorithmic language was used to visualize the results. It has been shown that the model reported in this work can be transferred to other tasks related to the development of DSS in the process of investing in high-risk projects, such as information technology, cybersecurity, banking, etc.

show abstract

“…Are measures in place to protect the privacy of customers despite increased monitoring capabilities enabled by smart meters and other smart home devices [22]? Does information security contribute to the organizational goals or is it perceived as a impediment to smooth operations [48]? Can the SG fulfill the hopes by providing electricity in a safe, reliable and secure way without significantly increasing society's exposure to new threats [19]?…”

Section: Smart Grid Architecture Model (Sgam)mentioning

confidence: 99%

Representing Decision-Makers in SGAM-H: The Smart Grid Architecture Model Extended with the Human Layer

Szekeres

Snekkenes

2020

Graphical Models for Security

View full text Add to dashboard Cite

The safety and security of critical infrastructures is both a technical and a social issue. However, most risk analysis methods focus predominantly on technical aspects and ignore the impact strategic human decisions have on the behavior of systems. Furthermore, the high degree of complexity and lack of historical data for probability estimations in case of new and emerging systems seriously limit the practical utility of traditional risk analysis methods. The Conflicting Incentives Risk Analysis (CIRA) method concentrates on human decisionmakers to address these problems. However, the method's applicability is restricted by the fact that humans are not represented in the Smart Grid Architecture Model (SGAM) which is the industry's most well-known model of the Smart Grid ecosystem. Therefore, the main objective of this paper is to establish a connection between CIRA and SGAM by proposing the SGAM-H, an enhanced version of the original architecture model complemented by the Human Layer. The development and evaluation of the artifact is guided by the Design Science Research methodology. The evaluation presents a working example of applying the CIRA method on a scenario involving intra-organizational risks at a Distribution System Operator. The key benefit of the SGAM-H is that it enables the construction of a common understanding among stakeholders about risks related to key decision-makers, which is a fundamental first step towards forming a more complete picture about potential issues affecting the electric grids of the future.

show abstract

Information security investments: An exploratory multiple case study on decision-making, evaluation and learning

Cited by 43 publications

References 94 publications

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

Development of a model for choosing strategies for investing in information security

Representing Decision-Makers in SGAM-H: The Smart Grid Architecture Model Extended with the Human Layer

Contact Info

Product

Resources

About