東華大學圖書館 |

Language: English

Help

回圖書館首頁

手機版館藏查詢

Back

Switch To: Labeled | MARC Mode | ISBD

Decision Making for Information Secu...

Yeo, Melanie Lisa.

Linked to FindBook

Google Book

Amazon

博客來

Decision Making for Information Security Investments.

Record Type:	Language materials, printed : Monograph/item
Title/Author:	Decision Making for Information Security Investments./
Author:	Yeo, Melanie Lisa.
Description:	121 p.
Notes:	Source: Dissertation Abstracts International, Volume: 74-04(E), Section: B.
Contained By:	Dissertation Abstracts International74-04B(E).
Subject:	Information Technology. -
Online resource:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=NR89293
ISBN:	9780494892930

Decision Making for Information Security Investments.
Yeo, Melanie Lisa.

Decision Making for Information Security Investments. - 121 p.

Source: Dissertation Abstracts International, Volume: 74-04(E), Section: B.

Thesis (Ph.D.)--University of Alberta (Canada), 2012.

Enterprises must manage their information risk as part of their larger operational risk management program. Traditionally, IT security investment decisions are made in isolation. However, as firms that compete for customers in an industry are closely interlinked, a macro perspective is needed in analyzing these decisions. Using the notions of direct- and cross-risk elasticity to describe the customer response to adverse IT security events in the firm and competitor, respectively, we analyze optimal security investment decisions. The continuous-time Markov chain (CTMC) is a natural way to examine how the combination of the expected adverse event arrival rate and the expected duration of customer reactions to these adverse events impacts security spending and expected profits, given different types of customer reaction. Expanding this work, customer utility is modelled using a Hotelling setting in order to examine how the introduction of minimum security spending requirements affect total social welfare. Optimal IT security spending, expected firm profits, total social welfare, and the willingness of firms to cooperate on security improvements are highly dependent on the nature of customer response to adverse events.

ISBN: 9780494892930Subjects--Topical Terms:

1030799
Information Technology.

Decision Making for Information Security Investments.
LDR:03259nam a2200313 4500 001 1960807
005 20140624210012.5
008 150210s2012 ||||||||||||||||| ||eng d
020 $a 9780494892930
035 $a (MiAaPQ)AAINR89293
035 $a AAINR89293
040 $a MiAaPQ $c MiAaPQ
100 1 $a Yeo, Melanie Lisa. $3 2096542
245 1 0 $a Decision Making for Information Security Investments.
300 $a 121 p.
500 $a Source: Dissertation Abstracts International, Volume: 74-04(E), Section: B.
500 $a Advisers: Raymond A. Pattersion; Kenneth L. Schultz.
502 $a Thesis (Ph.D.)--University of Alberta (Canada), 2012.
520 $a Enterprises must manage their information risk as part of their larger operational risk management program. Traditionally, IT security investment decisions are made in isolation. However, as firms that compete for customers in an industry are closely interlinked, a macro perspective is needed in analyzing these decisions. Using the notions of direct- and cross-risk elasticity to describe the customer response to adverse IT security events in the firm and competitor, respectively, we analyze optimal security investment decisions. The continuous-time Markov chain (CTMC) is a natural way to examine how the combination of the expected adverse event arrival rate and the expected duration of customer reactions to these adverse events impacts security spending and expected profits, given different types of customer reaction. Expanding this work, customer utility is modelled using a Hotelling setting in order to examine how the introduction of minimum security spending requirements affect total social welfare. Optimal IT security spending, expected firm profits, total social welfare, and the willingness of firms to cooperate on security improvements are highly dependent on the nature of customer response to adverse events.
520 $a Once firms have made a decision regarding their security investment level, managers must consider how to implement information security controls. The effectiveness of three different control placement methods is examined by defining a flow risk reduction problem and presenting a formal model using a workflow framework. One year of simulated attacks is used to validate the quality of the solutions, finding that the math programming control placement method yields substantial improvements in terms of risk reduction and risk reduction on investment measures compared to heuristics that would typically be used by managers to solve the problem. By using a workflow approach to control placement, guiding the manager to examine the entire infrastructure in a holistic manner, this research is unique in that it enables information risk to be examined strategically.
520 $a The contribution of this body of work is to provide managers with methods for deciding on the level and selection of information security investments, obtaining significantly better returns on these security investments.
590 $a School code: 0351.
650 4 $a Information Technology. $3 1030799
650 4 $a Operations Research. $3 626629
650 4 $a Information Science. $3 1017528
690 $a 0489
690 $a 0796
690 $a 0723
710 2 $a University of Alberta (Canada). $b Business. $3 2092555
773 0 $t Dissertation Abstracts International $g 74-04B(E).
790 $a 0351
791 $a Ph.D.
792 $a 2012
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=NR89293