語系:
繁體中文
English
說明(常見問題)
回圖書館首頁
手機版館藏查詢
登入
回首頁
切換:
標籤
|
MARC模式
|
ISBD
Decision Making for Information Secu...
~
Yeo, Melanie Lisa.
FindBook
Google Book
Amazon
博客來
Decision Making for Information Security Investments.
紀錄類型:
書目-語言資料,印刷品 : Monograph/item
正題名/作者:
Decision Making for Information Security Investments./
作者:
Yeo, Melanie Lisa.
面頁冊數:
121 p.
附註:
Source: Dissertation Abstracts International, Volume: 74-04(E), Section: B.
Contained By:
Dissertation Abstracts International74-04B(E).
標題:
Information Technology. -
電子資源:
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=NR89293
ISBN:
9780494892930
Decision Making for Information Security Investments.
Yeo, Melanie Lisa.
Decision Making for Information Security Investments.
- 121 p.
Source: Dissertation Abstracts International, Volume: 74-04(E), Section: B.
Thesis (Ph.D.)--University of Alberta (Canada), 2012.
Enterprises must manage their information risk as part of their larger operational risk management program. Traditionally, IT security investment decisions are made in isolation. However, as firms that compete for customers in an industry are closely interlinked, a macro perspective is needed in analyzing these decisions. Using the notions of direct- and cross-risk elasticity to describe the customer response to adverse IT security events in the firm and competitor, respectively, we analyze optimal security investment decisions. The continuous-time Markov chain (CTMC) is a natural way to examine how the combination of the expected adverse event arrival rate and the expected duration of customer reactions to these adverse events impacts security spending and expected profits, given different types of customer reaction. Expanding this work, customer utility is modelled using a Hotelling setting in order to examine how the introduction of minimum security spending requirements affect total social welfare. Optimal IT security spending, expected firm profits, total social welfare, and the willingness of firms to cooperate on security improvements are highly dependent on the nature of customer response to adverse events.
ISBN: 9780494892930Subjects--Topical Terms:
1030799
Information Technology.
Decision Making for Information Security Investments.
LDR
:03259nam a2200313 4500
001
1960807
005
20140624210012.5
008
150210s2012 ||||||||||||||||| ||eng d
020
$a
9780494892930
035
$a
(MiAaPQ)AAINR89293
035
$a
AAINR89293
040
$a
MiAaPQ
$c
MiAaPQ
100
1
$a
Yeo, Melanie Lisa.
$3
2096542
245
1 0
$a
Decision Making for Information Security Investments.
300
$a
121 p.
500
$a
Source: Dissertation Abstracts International, Volume: 74-04(E), Section: B.
500
$a
Advisers: Raymond A. Pattersion; Kenneth L. Schultz.
502
$a
Thesis (Ph.D.)--University of Alberta (Canada), 2012.
520
$a
Enterprises must manage their information risk as part of their larger operational risk management program. Traditionally, IT security investment decisions are made in isolation. However, as firms that compete for customers in an industry are closely interlinked, a macro perspective is needed in analyzing these decisions. Using the notions of direct- and cross-risk elasticity to describe the customer response to adverse IT security events in the firm and competitor, respectively, we analyze optimal security investment decisions. The continuous-time Markov chain (CTMC) is a natural way to examine how the combination of the expected adverse event arrival rate and the expected duration of customer reactions to these adverse events impacts security spending and expected profits, given different types of customer reaction. Expanding this work, customer utility is modelled using a Hotelling setting in order to examine how the introduction of minimum security spending requirements affect total social welfare. Optimal IT security spending, expected firm profits, total social welfare, and the willingness of firms to cooperate on security improvements are highly dependent on the nature of customer response to adverse events.
520
$a
Once firms have made a decision regarding their security investment level, managers must consider how to implement information security controls. The effectiveness of three different control placement methods is examined by defining a flow risk reduction problem and presenting a formal model using a workflow framework. One year of simulated attacks is used to validate the quality of the solutions, finding that the math programming control placement method yields substantial improvements in terms of risk reduction and risk reduction on investment measures compared to heuristics that would typically be used by managers to solve the problem. By using a workflow approach to control placement, guiding the manager to examine the entire infrastructure in a holistic manner, this research is unique in that it enables information risk to be examined strategically.
520
$a
The contribution of this body of work is to provide managers with methods for deciding on the level and selection of information security investments, obtaining significantly better returns on these security investments.
590
$a
School code: 0351.
650
4
$a
Information Technology.
$3
1030799
650
4
$a
Operations Research.
$3
626629
650
4
$a
Information Science.
$3
1017528
690
$a
0489
690
$a
0796
690
$a
0723
710
2
$a
University of Alberta (Canada).
$b
Business.
$3
2092555
773
0
$t
Dissertation Abstracts International
$g
74-04B(E).
790
$a
0351
791
$a
Ph.D.
792
$a
2012
793
$a
English
856
4 0
$u
http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=NR89293
筆 0 讀者評論
館藏地:
全部
電子資源
出版年:
卷號:
館藏
1 筆 • 頁數 1 •
1
條碼號
典藏地名稱
館藏流通類別
資料類型
索書號
使用類型
借閱狀態
預約狀態
備註欄
附件
W9255635
電子資源
11.線上閱覽_V
電子書
EB
一般使用(Normal)
在架
0
1 筆 • 頁數 1 •
1
多媒體
評論
新增評論
分享你的心得
Export
取書館
處理中
...
變更密碼
登入