Optimizing investment decisions in selecting information security remedies

Shirtz, Dov; Elovici, Yuval

doi:10.1108/09685221111143042

Cited by 23 publications

(14 citation statements)

References 26 publications

(42 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Based on given data center network topology, Wang et al (2011) recommended a probability-based model for calculating the probability of insecurity of each protected resource and the optimal investment on each security protection device. Shirtz and Elovici (2011) put forward a new framework to optimize the information security investment strategies when facing with various security measures and found that a higher investment level did not assure a higher security level. Eisenga et al (2012) made an analysis on different practices and techniques which were used to calculate the investments in IT security.…”

Section: Literature Reviewmentioning

confidence: 99%

A game-theoretic analysis of information security investment for multiple firms in a network

Qian

Liu

Pei

et al. 2017

Journal of the Operational Research Society

View full text Add to dashboard Cite

The application of Internet of Things promotes the cooperation among firms, and it also introduces some information security issues. Due to the vulnerability of the communication network, firms need to invest in information security technologies to protect their confidential information. In this paper, considering the multiple-step propagation of a security breach in a fully connected network, an information security investment game among n firms is investigated. We make meticulous theoretic and experimental analyses on both the Nash equilibrium solution and the optimal solution. The results show that a larger network size (n) or a larger one-step propagation probability (q) has a negative effect on the Nash equilibrium investment. The optimal investment does not necessarily increase in n or q, and its variation trend depends on the concrete conditions. A compensation mechanism is proposed to encourage firms to coordinate their strategies and invest a higher amount equal to the optimal investment when they make decisions individually. At last, our model is extended by considering another direct breach probability function and another network structure, respectively. We find that a higher connection density of the network will result in a greater expected cost for each firm.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

A game-theoretic analysis of information security investment for multiple firms in a network

Qian

Liu

Pei

et al. 2017

Journal of the Operational Research Society

View full text Add to dashboard Cite

show abstract

“…Отсев частичных решений, которые не могут быть достроены ни до допустимых, ни до оптимальных, осуществляется набором элиминирующих тестов В настоящей статье мы рассмотрели одну из возможных формулировок задачи оптимального выбора средств защиты информации, основанную на марковской модели киберугроз. В отличие от общепринятых подходов [2,9], где множество решений ограничивается допустимыми показателями экономического ущерба, мы задаем соответствующее ограничение с помощью функционально-временной характеристики системы, называемой нами средним временем ее жизни. В силу того что поставленная нами задача принадлежит к классу задач нелинейного целочисленного программирования, не существует универсальных методов для ее эффективного решения.…”

Section: вывод формулы для среднего времени жизниunclassified

“…Математически постановка задачи выбора оптимального набора из заданного множества средств защиты может формулироваться в рамках различных моделей. Обзор современных популярных подходов к подобным формулировкам можно найти в работе [2]. Среди наиболее часто используемых следует выделить группу подходов, основанных на теоретических моделях оценки инвестиций в информационную безопасность [3,4,5], а также серию подходов, основанную на теории игр [6,7,8].…”

unclassified

A Markov Model for Optimization of Information Security Remedies

Kasenov¹,

Kustov²,

Magazev³

et al. 2019

DSMM

View full text Add to dashboard Cite

“…In that context the past decade has introduced a more complex view of information-security management and risk assessment. Among the new approaches introduced in this field is compliance with the regulations and standards such as the ISO 27000 series and NIST publications (ISO, 2005) in addition to the demands for a justification of information-security budgets and for the support of organizational goals, while maintaining an appropriate level of security in a particular organization (Shirtz & Elovici, 2011). Meeting these requirements entails a complicated process of decision making and the selection of the best security measures and its implementation.…”

Section: Introductionmentioning

confidence: 98%