Cybersecurity investment optimization with risk: Insights for resource allocation

2015 International Conference on Industrial Engineering and Operations Management (IEOM) Pub Date : 2015-03-03 DOI:10.1109/IEOM.2015.7093765

Yueran Zhuo, S. Solak

{"title":"Cybersecurity investment optimization with risk: Insights for resource allocation","authors":"Yueran Zhuo, S. Solak","doi":"10.1109/IEOM.2015.7093765","DOIUrl":null,"url":null,"abstract":"Cybersecurity has become a key factor determining the success of business operations who relies on the functioning of information systems. Hence, the effecient investment on cybersecurity is an important financial and operaional decision. We propose a modeling framework that incorporates major components relevant to cybersecurity practice, and study the characteristics of optimal cybersecurity investment decisions for a firm, as well as how they vary under different risk approaches. A data-based analysis for major industries is performed, where we map the maximum potential loss of a firm with the optimal cybersecurity budget size and discover that the optimal budget size is independent of the mix of assets that a firm holds. In addition, we also conclude that firms in finance, energy, and technology sectors should invest more in detective technologies than preventive, as oppose to even split in most other industries. Moreover, the overall cybersecurity budgets for the former set of industries should be higher when compared with others.","PeriodicalId":410110,"journal":{"name":"2015 International Conference on Industrial Engineering and Operations Management (IEOM)","volume":"150 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 International Conference on Industrial Engineering and Operations Management (IEOM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IEOM.2015.7093765","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Cybersecurity has become a key factor determining the success of business operations who relies on the functioning of information systems. Hence, the effecient investment on cybersecurity is an important financial and operaional decision. We propose a modeling framework that incorporates major components relevant to cybersecurity practice, and study the characteristics of optimal cybersecurity investment decisions for a firm, as well as how they vary under different risk approaches. A data-based analysis for major industries is performed, where we map the maximum potential loss of a firm with the optimal cybersecurity budget size and discover that the optimal budget size is independent of the mix of assets that a firm holds. In addition, we also conclude that firms in finance, energy, and technology sectors should invest more in detective technologies than preventive, as oppose to even split in most other industries. Moreover, the overall cybersecurity budgets for the former set of industries should be higher when compared with others.

查看原文本刊更多论文

有风险的网络安全投资优化:资源配置的洞察

网络安全已经成为决定依赖于信息系统功能的商业运作成功的关键因素。因此，对网络安全进行有效的投资是一项重要的财务和运营决策。我们提出了一个包含与网络安全实践相关的主要组成部分的建模框架，并研究了企业最优网络安全投资决策的特征，以及它们在不同风险方法下的变化。对主要行业进行了基于数据的分析，其中我们绘制了具有最优网络安全预算规模的公司的最大潜在损失，并发现最优预算规模与公司持有的资产组合无关。此外，我们还得出结论，金融、能源和技术部门的公司应该更多地投资于侦查技术，而不是预防技术，而不是在大多数其他行业甚至分裂。此外，与其他行业相比，前一类行业的整体网络安全预算应该更高。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 International Conference on Industrial Engineering and Operations Management (IEOM)

自引率

0.00%

发文量