Found 20 similar documents; search time 15 ms
1.
2.
What is the economic impact of cyber terrorism? Can organizations achieve strategic advantage in the cyber terrorism game? A general game theoretical model is proposed to study the optimal information systems (ISs) security investment and then applied to compare the losses caused by cyber terrorists and common hackers. Literature is reviewed on IS security, game theoretical models of IS security, cyber terrorism, cyber deterrence and IS security breach function. Simulations with varying levels of attacker’s preference, breach function sensitivity and deterrence level are carried out to determine sensitivity to the optimal IS security investment. Results suggest that organizations should invest more to protect their strategic information systems against cyber terrorists who have long-term goals.
3.
Kjell Hausken 《Information Systems Frontiers》2014,16(2):329-336
This paper endogenizes the value of an information set which has to be produced and protected. The profit is inverse U shaped in security investment and production effort. The breach probability is commonly assumed to decrease convexly in security investment, which means that modest security investment is sufficient to deter most perpetrators. We allow the breach probability to be not only convex, but concave, which means that substantial security investment is needed to deter most perpetrators. Convexity versus concavity depends on the security environment, perpetrators, technology, and law enforcement. A firm strikes a balance between producing and protecting an information set dependent on seven model parameters for production, protection, convexity, concavity, vulnerability, and resource strength.
4.
5.
With the growing importance of information security due to the arrival of information society and the spread of the internet, information security is emerging as a tool to guarantee competitive advantage and is at the same time an indispensable requirement for stable business execution for companies and organizations. Additionally, the value of tangible and intangible assets that need to be protected as components of corporate assets are on the rise, where the importance of efficient and effective information asset management and information security investment is increasing for the organizations and companies managing them. However, despite an increase in the information security investment of an organization, there is a lack of systematic methodology pertaining to performance appraisals, which makes decision-making activities and determining means of improvement difficult. The existing financially focused information security investment is inadequate for systematic analyses and understanding due to the opportunity cost type characteristics of information security investment and the difficulty involved in presenting future strategic direction. This paper, considering the characteristics of the effects of information security investment, analyzes from a balanced score card perspective information security investment strategies and performance relationships. In short, critical success factors and key performance indicators are initially obtained from previous research related to information security investment, and the data collected through surveys at related companies and organizations are empirically analyzed utilizing the structural equation model.
6.
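The various business systems used in stock trading have accumulated large volumes of data. Analyzing and processing these data effectively, in order to discover the intrinsic relationships among stock trading data, is of great significance for guiding investment decisions. This paper establishes an analysis model for stock trading and gives a data preprocessing algorithm for the model. On this basis, a mining algorithm for this class of rules is implemented using the idea of association rule mining; experiments show that the model and the algorithm are effective.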
7.
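Awareness of and attention to information security problems are gradually increasing, and investment to protect the security of information systems has become more proactive. How to determine an appropriate level of investment, so as to strike a balance between security benefit and security investment, has become a problem. Drawing on experience and practice, this paper offers its own view on the problem and provides a simple and practical estimation formula.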
8.
9.
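Based on an analysis of network security risk and an analysis of the ability of network security products to defend against threats, the article derives a risk analysis and investment decision model for building network security.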
10.
Bill Boni 《Network Security》2000,2000(11):18-19
The current state of Internet and E-commerce safeguards is a confusing melange of technical safeguards that work, more or less. Difficult as it is to make them work together, they can be effective in managing risks if they are implemented. However, at present many security professionals find it difficult, in spite of the post Y2K awareness of senior executives, to get sufficient investment for safeguards for electronic business systems. It seems that for every manager who appreciates the significance of media reports of a successful hack against prominent Web business sites, there are two others who have not seen the point yet, who subscribe to the “meteor strike” theory of risk management (i.e. “never seen a meteor strike anyone I know”), and who thus need to be educated about the risks arising from E-commerce before they will make an adequate investment in security.
11.
Shyue-Liang Wang Jyun-Da Chen Paul A. Stirpe Tzung-Pei Hong 《Journal of Intelligent Information Systems》2011,36(3):329-345
Based on given data center network topology and risk-neutral management, this work proposes a simple but efficient probability-based model to calculate the probability of insecurity of each protected resource and the optimal investment on each security protection device when a data center is under security breach. We present two algorithms that calculate the probability of threat and the optimal investment for data center security respectively. Based on the insecurity flow model (Moskowitz and Kang 1997) of analyzing security violations, we first model data center topology using two basic components, namely resources and filters, where resources represent the protected resources and filters represent the security protection devices. Four basic patterns are then identified as the building blocks for the first algorithm, called Accumulative Probability of Insecurity, to calculate the accumulative probability of realized threat (insecurity) on each resource. To calculate the optimal security investment, a risk-neutral based algorithm, called Optimal Security Investment, which maximizes the total expected net benefit is then proposed. Numerical simulations show that the proposed approach coincides with Gordon’s (Gordon and Loeb, ACM Transactions on Information and Systems Security 5(4):438–457, 2002) single-system analytical model. In addition, numerical results on two common data center topologies are analyzed and compared to demonstrate the effectiveness of the proposed approach. The technique proposed here can be used to facilitate the analysis and design of more secured data centers.
12.
Knowledge sharing is an important component of knowledge management systems. Security knowledge sharing substantially reduces risk and investment in information security. Despite the importance of information security, little research based on knowledge sharing has focused on the security profession. Therefore, this study analyses key factors, containing attitude, self-efficacy, trust, norm of reciprocity, and shared language, in respect of the information security workers intention to share knowledge. Information security professionals in virtual communities, including the Information Security Professional Association (ISPA), Information Systems Security Association (ISSA), Society of Information Risk Analysts (SIRA), and LinkedIn security groups, were surveyed to test the proposed research model. Confirmatory factor analysis (CFA) and the structural equation modelling (SEM) technique were used to analyse the data and evaluate the research model. The results showed that the research model fit the data well and the structural model suggests a strong relationship between attitude, trust, and norms of reciprocity to knowledge sharing intention. Hypotheses regarding the influence of self-efficacy and reciprocity, to knowledge sharing attitude were upheld. Shared language did not influence either the attitude or intention to share knowledge.
13.
Sung-Kyu Park Song-Ha Lee Taek-Young Kim Hyo-Jung Jun Tae-Sung Kim 《Journal in Computer Virology》2017,13(4):289-296
Recently, as the incidents of the security breach and the personal information leakage in public institutions and the major information/communication infrastructure have increased, the importance of the development and training of human resources specialized in cybersecurity, who can immediately respond to this are emphasized. Accordingly, the government has announced policies for the development of human resources, established and operated public sector cybersecurity training centers; however, there is no method for understanding the investment performance and effect of the present cybersecurity education/training in the public sector. For the establishment of a training system and the quality control of continuing education, a method for evaluating the performance of the training is needed, and this can prove the justification of the promotion of the training program and the sustainability of the training center. The goal of this study is to analyze the outcome of education and training in the field of information security and economic return on investment. For this purpose, through literature research on the outcome of the domestic and overseas education and training, this study drew a model that can apply.
14.
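Information security assessment is fundamental to keeping SCADA systems operating normally. Existing assessment methods do not consider the mutual influence between attacker and defender or the economic benefit. To address this problem, an assessment method based on attack-defense trees and game theory is proposed. Taking the attack-defense tree as its basis, the method computes the expected payoff functions of the attacker and the defender, builds an attack-defense game model of the system, and solves for the mixed-strategy Nash equilibrium of this static game of complete information, yielding the probability distribution over each side's strategy choices. A computational analysis of an information attack-defense example involving the master and slave stations of a SCADA system illustrates the concrete application of the method. The assessment results show that the method is reasonable and feasible, and that it can help risk managers evaluate the return on investment of a system's existing information security defenses, deploy defensive measures in a targeted way, and maximize benefit.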
15.
Since organizations have recognized needs for industrial technique leakage prevention, they tend to construct industrial security system causing huge consumption of budget, yet many of them are not affordable to organize industrial security team to operate integrated industrial security management system with consistent investment and maintenance. It is fact that there only occur instant introductions of certain system. In this study, we designed industrial security management model for organizations’ industrial technology leakage prevention which is differentiated from those of large enterprises based on current status of small and medium-sized organizations’ industrial technology leakage. Specifically we analyzed current status and vulnerability of organizations’ industrial technique leakage and we designed industrial technique leakage prevention management system for organizations. Then we applied Delphi method to validate appropriateness of study result. We strongly believe that organizations may estimate an appropriate level of investment on industrial security and develop countermeasures for control by utilizing this study result.
16.
Michael Felderer Philipp Zech Ruth Breu Matthias Büchler Alexander Pretschner 《Software Testing, Verification and Reliability》2016,26(2):119-148
Model‐based security testing relies on models to test whether a software system meets its security requirements. It is an active research field of high relevance for industrial applications, with many approaches and notable results published in recent years. This article provides a taxonomy for model‐based security testing approaches. It comprises filter criteria (i.e. model of system security, security model of the environment and explicit test selection criteria) as well as evidence criteria (i.e. maturity of evaluated system, evidence measures and evidence level). The taxonomy is based on a comprehensive analysis of existing classification schemes for model‐based testing and security testing. To demonstrate its adequacy, 119 publications on model‐based security testing are systematically extracted from the five most relevant digital libraries by three researchers and classified according to the defined filter and evidence criteria. On the basis of the classified publications, the article provides an overview of the state of the art in model‐based security testing and discusses promising research directions with regard to security properties, coverage criteria and the feasibility and return on investment of model‐based security testing. Copyright © 2015 John Wiley & Sons, Ltd.
17.
Ruey-Chyn Tsaur 《International journal of systems science》2013,44(3):438-450
In the finance market, a short-term investment strategy is usually applied in portfolio selection in order to reduce investment risk; however, the economy is uncertain and the investment period is short. Further, an investor has incomplete information for selecting a portfolio with crisp proportions for each chosen security. In this paper we present a new method of constructing fuzzy portfolio model for the parameters of fuzzy-input return rates and fuzzy-output proportions, based on possibilistic mean–standard deviation models. Furthermore, we consider both excess or shortage of investment in different economic periods by using fuzzy constraint for the sum of the fuzzy proportions, and we also refer to risks of securities investment and vagueness of incomplete information during the period of depression economics for the portfolio selection. Finally, we present a numerical example of a portfolio selection problem to illustrate the proposed model and a sensitivity analysis is realised based on the results.
18.
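This paper attempts to solve the William Sharpe model using a genetic algorithm with an optimal-preservation (elitist) strategy, and carries out a simulation analysis of portfolio optimization over N securities; the results are fairly reasonable compared with mathematical analysis.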
19.
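This paper attempts to solve the William Sharpe model using a genetic algorithm with an optimal-preservation (elitist) strategy, and carries out a simulation analysis of portfolio optimization over N securities; the results are fairly reasonable compared with mathematical analysis.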