Probabilistic Modeling for Evaluation of Information Security Investment Portfolios  

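Yang, Won-Seok (Electronics and Telecommunications Research Institute, Technology Strategy Division, Service Policy Research Department)
Kim, Tae-Sung (Chungbuk National University, Department of Management Information Systems / BK21 Project Team)
Park, Hyun-Min (Pukyong National University, Department of Systems Management and Engineering)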
Abstract
We develop a probability model to evaluate information security investment portfolios. We assume that organizations install portfolios of information security countermeasures to mitigate damage such as the loss of transactions being processed and damage to hardware and data. A queueing model and its expected value analysis are used to derive the cost of lost transactions that were being processed, the replacement cost of hardware, and the recovery cost of data. The net present value of each portfolio is derived, and organizations can select the optimal information security investment portfolio by comparing portfolios.
Keywords
Security Threats; Information Security; Investment Portfolio; Economic Analysis; Probability Model
Citations & Related Records
Times Cited By KSCI: 1