Network externalities, layered protection and IT security risk management
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review
Author(s)
Detail(s)
Original language | English |
---|---|
Pages (from-to) | 1-16 |
Journal / Publication | Decision Support Systems |
Volume | 44 |
Issue number | 1 |
Publication status | Published - Nov 2007 |
Externally published | Yes |
Link(s)
Abstract
This paper considers two important issues related to security risk management. First, the presence of network externalities in security risks. Second, the distinction of general (network) and system-specific protection measures. We found the optimal allocation of security resources (investments) in protecting every system in an organization. The results show that the consideration of network externalities and layered protection changes the risk mitigation decisions significantly. In addition, accurate estimation of system risk plays a critical role in the success of risk management. Otherwise, the use of a uniform baseline protection approach may be more desirable when the misjudgment of relative system risks is likely to occur. © 2006 Elsevier B.V. All rights reserved.
Research Area(s)
- IT risk analysis, IT risk management, IT risk mitigation, Security investments, Security resource planning
Citation Format(s)
Network externalities, layered protection and IT security risk management. / Yue, Wei T.; Çakanyildirim, Metin; Ryu, Young U. et al.
In: Decision Support Systems, Vol. 44, No. 1, 11.2007, p. 1-16.
In: Decision Support Systems, Vol. 44, No. 1, 11.2007, p. 1-16.
Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review