Security investment and information sharing under an alternative security breach probability function

Gao, Xing; Wang, Zhong; Mei, Shue

doi:10.1007/s10796-013-9411-3

Cited by 58 publications

(24 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These range from improved information and knowledge sharing network (Bian et al, 2014;Sicari et al, 2014;Barkataki and Zeineddine, 2013;Gao et al, 2013;Tse et al, 2011) through strategic supply chain integration practices (Frohlich and Westbrook 2001;Zhao et al, 2008;Flynn et al, 2010) to the extended enterprise (Owen et al, 2008;Spekman and Davis, 2004). In adopting these collaborative strategies to support businesses, companies might however become exposed to greater supply chain risks.…”

Section: Introductionmentioning

confidence: 99%

Information and Knowledge Leakage in Supply Chain

2015

View full text Add to dashboard Cite

Abstract:The current world of post industrial value generation sees companies increasingly analyzing their internal operations against their external organizations to identify supply/demand fluctuations along the supply chain. Within these integrated relationships between internal and external parties in the supply chain, knowledge and information have become very important production resources. The existence and success of an increasing number of organizations strongly depend on their capabilities to utilize knowledge and information for profit generation. By managing more efficient information sharing, the volume of company confidential information passing through the supply chain increases, and this brings about more incidences of knowledge leakage and information leakage. A survey by PricewaterhouseCoopers in 2014 shows information security spending over the next 12 months would increase 60.27 percent in Asia and 48.98 percent in all regions. This emphasizes the importance of information privacy and therefore the necessity to study the information and knowledge leakage in integrated supply chain. The objectives of this study are to investigate the factors triggering information and knowledge leakage and create a mitigation framework to soften the impact of leakages on performance. The above objectives will be met by formulating and examining several hypotheses of a conceptualized information leakage (IL) and knowledge leakage (KL) framework. A case study derived from a structured interview is adopted as a methodology in this research. As a result, this paper contributes a novel theoretical model that characterizes information and knowledge leakage in an integrated supply chain. Therefore, it also adds new knowledge of managing information and knowledge leakage to supply chain management.

show abstract

Section: Introductionmentioning

confidence: 99%

Information and Knowledge Leakage in Supply Chain

2015

View full text Add to dashboard Cite

show abstract

“…The cybersecurity problem among interconnected firms could be seen as the typical interdependent security (IDS) problem, proposed firstly by Kunreuther and Heal [29], who conducted a case study of security investment behaviors among firms in airline security and found that there is a "free-riding problem" of firms' security investment, also denoted as negative externality. Later, some research committed to solving such a negative external issue [10,17,30,31]. For example, Zhao, Xue, and Whinston [9] explored the effects of three risk management methods including cyberinsurance, managed security services (MSSs), and risk pooling arrangements (RPAs) in addressing the investment inefficiency, and the results showed that MSSs has the best effect on security risk management, followed by RPAs and cyberinsurance.…”

Section: Interdependent Cybersecurity Investmentmentioning

confidence: 99%

Cybersecurity Investment Allocation for a Multi-Branch Firm: Modeling and Optimization

2019

Mathematics

View full text Add to dashboard Cite

Network interconnection and information sharing among firms and their departments expose them to cybersecurity breaches. Traditional cybersecurity studies have paid little attention to the reallocation of security investment within firms. This paper proposes a mathematical model for optimal allocation of cybersecurity investment among headquarters and branches with budget constraints. The differences in size of information sets and system interconnection have been taken into account. The responses of optimal allocation to internal and external factors, such as the portion of branch information set, the propagation probability, the budget constraints, and the intrinsic vulnerability, have been studied in deep both theoretically and numerically. Analysis results indicate that the group will give priority to protecting headquarters when the total budget is small and intrinsic vulnerability is high. The security investment allocated to each branch increases with budget, propagation probability and portion of information set, but never exceeds 1 / ( n + 1 ) of total budget. Numerical simulations also verify that security information sharing among headquarters and branches can help improve the efficiency of security investment in the whole system. Furthermore, the findings of this paper will draw attention to the reallocation of cybersecurity investment within a business group and help cybersecurity managers to develop investment allocation strategies and policies.

show abstract

“…In the field of economics of information security, game theory has been used as a key research approach. For example, Cavusoglu & Raghunathan, Cavusoglu et al and Levitin & Hausken give a game-theory analysis of the optimal configurations for security devices [1][2][3], Gao et al and Hausken provide a game framework to discuss the investment of information security [4][5].…”

Section: Introductionmentioning

confidence: 99%

A game-theory approach to manage decision errors

Cai

Mei

Zhong

2016

MATEC Web of Conferences

View full text Add to dashboard Cite

Abstract. With the fast development of modern computer and networks, information communication between firms and users becomes more complex. Recently, a game-theory approach has been widely used to investigate this issue. However, for firms and users, inaccuracies (defined as decision errors) persist in the gap between strategic decisions and actual actions. This paper, based on game theory, analyses the effects of decision errors on optimal equilibrium strategy of the firm and the user. Precisely speaking, we analysed how the firm and the user adjust their strategy accordingly to compensate for the mistakes caused by decision errors. Besides, we demonstrated that decision errors are not necessarily bad for the firm, and put forward the optimal methods of managing decision errors.

show abstract

Security investment and information sharing under an alternative security breach probability function

Cited by 58 publications

References 60 publications

Information and Knowledge Leakage in Supply Chain

Information and Knowledge Leakage in Supply Chain

Cybersecurity Investment Allocation for a Multi-Branch Firm: Modeling and Optimization

A game-theory approach to manage decision errors

Contact Info

Product

Resources

About