On a multi-dimensional framework for information security management
Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review
Detail(s)
Original language | English |
---|---|
Title of host publication | 2008 Workshop on Information Technologies and Systems, WITS 2008 |
Publisher | Social Science Research Network |
Pages | 169-175 |
Publication status | Published - 2008 |
Externally published | Yes |
Conference
Title | 2008 Workshop on Information Technologies and Systems, WITS 2008 |
---|---|
Place | France |
City | Paris |
Period | 13 - 14 December 2008 |
Abstract
This paper analyzes interactions between a firm that seeks to dynamically choose the risk associated with a security system and hackers who seek to compromise it. We formulate the problem using an analytical model in which the level of system vulnerability at any point in time potentially affects a variety of risk factors that are balanced to provide a multi-dimensional approach to information security management. The approach not only considers conventional factors such as detection rate and false positive rate, but also includes factors that account for hacker attack behavior and learning that occurs in response to actions taken by the firm to manage system risk. System vulnerability can be lowered by increasing the system's discrimination ability (i.e., the ability to distinguish between attacks and normal usage). The discrimination ability deteriorates due to changes in the domain and through the dissemination of information about the system's vulnerabilities among hackers. The problem is solved to reveal the presence of a steady-state solution, one in which the level of system discrimination ability is held constant. We provide insights into managing various dimensions of risk in a consolidated risk management framework.
Citation Format(s)
On a multi-dimensional framework for information security management. / Bensoussan, Alain; Mookerjee, Radha; Mookerjee, Vijay et al.
2008 Workshop on Information Technologies and Systems, WITS 2008. Social Science Research Network, 2008. p. 169-175.