On the Gordon & Loeb Model for Information Security Investment

Author

  • Jan Willemson
Abstract

In this paper we discuss a simple and general model for evaluating optimal investment level in information security proposed by Gordon and Loeb [5]. The authors leave an open question, whether there exists some universal upper limit for the level of optimal security investments compared to the total cost of the protected information set. They also conjecture that if such a level exists, it could be 1/e ≈ 36.8%. In this paper, we disprove this conjecture by constructing an example where the required investment level of up to 50% can be necessary. By relaxing the original requirements of Gordon and Loeb just a little bit, we are also able to show that within their general framework examples achieving levels arbitrarily close to 100% exist.

Similar resources

Externalities and the Magnitude of Cyber security Underinvestment by Private Sector Firms: A Modification of the Gordon-Loeb Model

Cyber security breaches inflict costs to consumers and businesses. The possibility also exists that a cyber security breach may shut down an entire critical infrastructure industry, putting a nation’s whole economy and national defense at risk. Hence, the issue of cyber security investment has risen to the top of the agenda of business and government executives. This paper examines how the exis...

Optimal Timing of Information Security Investment: A Real Options Approach

This paper applies real options analytic framework to firms’ investment activity in information security technology and then a dynamic analysis of information security investment is explored by extending Gordon-Loeb (2002). The current research provides how firms have to respond to immediate or remote threat numerically. It shows that although positive drift of threat causes both larger and lat...

Methods and Approaches to Investigating Information Risks by Means of Economic Cost Models

The article deals with legal documents in the field of information security, methods of the information risk assessment including economic cost models for identifying probabilistic parameters and structure of information risks and application of these models to the analysis of investments in information security projects. An adequate assessment of information risk and optimization of investment...

Economic Aspects of Controlling Capital Investments in Cyberspace Security for Critical Infrastructure Assets

A model is developed which demonstrates that control systems for investments in information security have a positive net economic impact on an organization. This positive effect is an increasing function of the degree of asymmetric information (related to moral hazard and adverse selection) between Chief Security Officers and Chief Financial Officers within an organization. The role of external...

Publication date: 2006