Network externalities, layered protection and IT security risk management

Research output: Journal Publications and Reviews, RGC 21 - Publication in refereed journal, peer-review

42 Scopus Citations
Author(s)

  • Wei T. Yue
  • Metin Çakanyildirim
  • Young U. Ryu
  • Dengpan Liu

Detail(s)

Original language: English
Pages (from-to): 1-16
Journal / Publication: Decision Support Systems
Volume: 44
Issue number: 1
Publication status: Published - Nov 2007
Externally published: Yes

Abstract

This paper considers two important issues related to security risk management. First, the presence of network externalities in security risks. Second, the distinction of general (network) and system-specific protection measures. We found the optimal allocation of security resources (investments) in protecting every system in an organization. The results show that the consideration of network externalities and layered protection changes the risk mitigation decisions significantly. In addition, accurate estimation of system risk plays a critical role in the success of risk management. Otherwise, the use of a uniform baseline protection approach may be more desirable when the misjudgment of relative system risks is likely to occur. © 2006 Elsevier B.V. All rights reserved.

Research Area(s)

  • IT risk analysis, IT risk management, IT risk mitigation, Security investments, Security resource planning

Citation Format(s)

Network externalities, layered protection and IT security risk management. / Yue, Wei T.; Çakanyildirim, Metin; Ryu, Young U. et al.
In: Decision Support Systems, Vol. 44, No. 1, 11.2007, p. 1-16.
