Browse > Article
http://dx.doi.org/10.13089/JKIISC.2010.20.2.109

Considering System Throughput to Evaluate Information Security Investment Portfolios  

Yang, Won-Seok (Department of Business Administration, Hannam University)
Kim, Tae-Sung (Department of Management Information Systems, Chungbuk National University)
Park, Hyun-Min (Department of Systems Management and Engineering, Pukyong National University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.20, no.2, 2010 , pp. 109-116 More about this Journal
Abstract
We consider an information system where its throughput deteriorates due to security threats and evaluate information security investment portfolios. We assume that organizations adopt information security countermeasures (or portfolios consisted of countermeasures) to lessen the damage resulted from the productivity (or throughput) deterioration. A probability model is used to derive the system throughput and the average number of repairs according to the occurrence rate of security threats. Considering the revenue from throughput, the repair cost, and the investment for the security system, the net present value for each portfolio is derived. Organizations can compare information security investment portfolios and select the optimal portfolio.
Keywords
Information Security Breach; Security Threat; Investment Portfolio; Throughput; Economic Analysis; Probability Model;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 W. Mendenhall, R. Scheaffer, and D.D. Wackerly, Mathematical Statistics with Applications, 3th Ed., Duxbury Press, Boston, pp. 367-370, 1986.
2 공희경, 전효정, 김태성, "AHP를 이용한 정보보호 투자 의사결정에 대한 연구," Journal of Information Technology Applications & Management, 15(1), pp. 137-150, 2008년 3월.   과학기술학회마을
3 L.A. Gordon and M.P. Loeb, Managing Cyber-Security Resources: A Cost-Benefit Analysis, McGraw-Hill, New York, pp. 53-60, Jan. 2006.
4 유진호, 지상호, 송혜인, 정경호, 임종인, "인터넷 침해사고에 의한 피해손실 측정," 정보화정책, 15(1), pp. 3-18, 2008년 3월.
5 양원석, 김태성, 박현민, "확률모형을 이용한 정보 보호 투자 포트폴리오 분석," 한국경영과학회지, 34(3), pp. 155-163, 2009년 9월.   과학기술학회마을
6 M. Ohnishi, H. Kawai, and H. Mine, "An optimal inspection and replacement policy for a deteriorating system," Journal of Applied Probability, vol. 23, no. 4, pp. 973-988, Dec. 1986.   DOI   ScienceOn
7 C.T. Lam and R.H. Yeh, "Optimal maintenance policies for deteriorating systems under various maintenance strategies," IEEE Transactions on Reliability, vol. 43, no. 3, pp. 423-430, Sep. 1994.   DOI   ScienceOn
8 C.C. Hsieh, "Replacement and standby redundancy policies in a deteriorating system with aging and random shocks," Computers and Operations Research, vol. 32, no. 9, pp. 2297-2308, Sep. 2005.   DOI   ScienceOn
9 R.H. Yeh, "Optimal inspection and replacement policies for multi-state deteriorating systems," European Journal of Operational Research, vol. 96, no. 2, pp. 248-259, Jan. 1997.   DOI   ScienceOn
10 C.C. Hsieh and K.C. Chiu, "Optimal maintenance policy in a multistate deteriorating standby system," European Journal of Operational Research, vol. 141, no. 3, pp. 689-698, Sep. 2002.   DOI   ScienceOn
11 S.M. Ross, Stochastic Process, John Wiley & Sons, New York, pp. 251-253, 1996.
12 H.W. Lilliefors, "Some confidence intervals for queues," Operations Research, vol. 14, no. 4, pp. 723-727, Aug. 1966.   DOI   ScienceOn
13 국가정보원, 방송통신위원회, 행정안전부, 지식경제부, "2009 국가정보보호백서," pp. 17-26, 2009년 4월.