Optimal Information Security Architecture for the Enterprise
Information security is growing to be an IT priority for many firms, but several critical dimensions of enterprise security like type of loss or strategic effects of countermeasures have received little attention in the economics-based literature. We develop a model of a contagious threat that can attack multiple divisions of a firm's enterprise network and cause both availability and confidentiality losses. Firms commonly deploy countermeasures to mitigate the harmful effects of threats. Such deployment is complicated by the CIO's lack of information on the information systems of the divisions and due to the differing goals of division managers. In this setting, we model the business process and interconnectivity requirements of the enterprise and demonstrate how to optimally design the security architecture, which consists of protection, recovery and cryptographic measures. We evaluate commonly suggested mechanisms like subsidies and liability and find that they are inadequate as well as informationally demanding. To remedy these problems which directly impact practitioners, we derive mechanisms that have no ex-post informational requirements and are easily implementable for both availability and confidentiality losses. Some of our results are counterintuitive, notably that countermeasures can be overdeployed by division managers and that having a single platform for all divisions can decrease unexpected confidentiality losses.
Year of publication: | 2008 |
---|---|
Authors: | Kumar, Vineet ; Telang, Rahul ; Mukhopadhyay, Tridas |
Publisher: | [S.l.] : SSRN |
Saved in: freely available
Extent: | 1 online resource (43 p) |
---|---|
Type of publication: | Book / Working Paper |
Language: | English |
Notes: | According to SSRN, the original version of the document was created January 1, 2008 |
Other identifiers: | 10.2139/ssrn.1086690 [DOI] |
Source: | ECONIS - Online Catalogue of the ZBW |
Persistent link: https://www.econbiz.de/10014220774
Similar items by person
- Wattal, Sunil, (2005)
- Information personalization in a two-dimensional product differentiation model
  Wattal, Sunil, (2009)
- What's in a "name"? : impact of use of customer information in e-mail advertisements
  Wattal, Sunil, (2012)