论文信息 - Cyber Security Investment in the Context of Disruptive Technologies: Extension of the Gordon-Loeb Model and Application to Critical Infrastructure Protection

Cyber Security Investment in the Context of Disruptive Technologies: Extension of the Gordon-Loeb Model and Application to Critical Infrastructure Protection

We propose an extension of the Gordon-Loeb model by considering multi-periods and relaxing the assumption of a continuous security breach probability function. Such adaptations allow capturing dynamic aspects of information security investment such as the advent of a disruptive technology and its consequences. In this paper, the case of big data analytics (BDA) and its disruptive effects on information security investment is theoretically investigated. Our analysis suggests a substantive decrease in such investment due to a technological shift. While we believe this case should be generalizable across the information security milieu, we illustrate our approach in the context of critical infrastructure protection (CIP) in which security cost reduction is of prior importance since potential losses reach unaffordable dimensions. Moreover, despite BDA has been considered as a promising method for CIP, its concrete effects have been discussed little.

[1] Tariq Mahmood,et al. Security Analytics: Big Data Analytics for cybersecurity: A review of trends, techniques and tools , 2013, 2013 2nd National Conference on Information Assurance (NCIA).

[2] Alvaro A. Cárdenas,et al. Big Data Analytics for Security , 2013, IEEE Security & Privacy.

[3] Clayton M. Christensen,et al. Disruptive innovation: the Southwest Airlines case revisited , 2011 .

[4] Lei Zhou,et al. Externalities and the Magnitude of Cyber Security Underinvestment by Private Sector Firms: A Modification of the Gordon-Loeb Model , 2015 .

[5] Ross J. Anderson,et al. Security Economics and Critical National Infrastructure , 2009, WEIS.

[6] Tyler Moore,et al. The Economics of Information Security , 2006, Science.

[7] Lawrence A. Gordon,et al. The economics of information security investment , 2002, TSEC.

[8] Arvind Sathi,et al. Big Data Analytics: Disruptive Technologies for Changing the Game , 2012 .

[9] Sherali Zeadally,et al. Critical infrastructure protection: Requirements and challenges for the 21st century , 2015, Int. J. Crit. Infrastructure Prot..

[10] Veda C. Storey,et al. Business Intelligence and Analytics: From Big Data to Big Impact , 2012, MIS Q..

[11] Ross J. Anderson. Why information security is hard - an economic perspective , 2001, Seventeenth Annual Computer Security Applications Conference.