publication . Preprint . 2008

Firm-level Resource Allocation to Information Security in the Presence of Financial Distress

Bin Srinidhi; Jia Yan; Giri Kumar Tayi;
Open Access
  • Published: 01 Aug 2008
Abstract
In this paper, we adopt an organizational perspective to the management of information security and analyze in a multi-period context how an organization should allocate its internal cash flows and available external funds to revenuegenerating (productive) and security assuring (protective) processes in the presence of security breach, borrowing and financial distress costs. We show analytically and illustrate numerically that the capital stock accumulation is lower and allocations to security are higher in the initial periods compared to the benchmark (no security breach) case, while in the long run, the steady state allocations do not differ. Further, we show ...
Subjects
free text keywords: Security Breach Costs; Financial Distress; Insurance; Resource Allocation.
17 references, page 1 of 2

Bagchi, K., and G. Udo. 2003. An Analysis Of The Growth Of Computer And Internet Security Breaches. Communications of the Association for Information Systems 12:684-700.

Bolot, J., and M. LeLarge. 2008. Cyber Insurance as an Incentive for Internet Security. Paper read at Workshop in Economics of Information Security (WEIS) Seventh Workshop on Economics of Invormation Security, June 25-28, at Hanover, NH.

Cavusoglu, H., B. Mishra, and S. Raghunathan. 2005. The Value of Intrusion Detection Systems in Information Technology Security Architecture. Information Systems Research 16 (1):28.

Garg, A., J. Curtis, and H. Halper. 2003. Quantifying the financial impact of IT security breaches. Information Management & Computer Security 11 (2):74- 83.

Gordon, L., A., M. Loeb, P., and T. Sohail. 2003. A framework for using insurance for cyber-risk management. Association for Computing Machinery. Communications of the ACM 46 (3):81.

Gordon, L., and M. P. Loeb. 2002. The Economics of Information Security Investment. ACM Transactios of Information Systems Security 5 (4):438-457.

Gordon, L. A., M. P. Loeb, W. Lucyshyn, and R. Richardson. 2006. 2006 CSI/FBI Computer Crime and Security Survey.

Hausken, K. 2006. Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability. Information Systems Frontiers 8 (5):338. [OpenAIRE]

Kesan, J. P., R. P. Majuca, and W. J. Yurcik. 2005. The Economic Case for Cyberinsurance. In Securing Privacy in the Internet Age, edited by A. C. e. al.: Stanford University Press.

Kumar, V., R. Telang, and T. Mukhopadhyay. 2007. Optimally Securing Interconnected Information Systems and Assets. Paper read at Workshop in Economics of Information Security (WEIS), at Pittsburgh, PA.

Lukasik, S. J. 2000. Protecting the Global Information Commons. Telecommunication Policy 24 (6):519-531.

Murphy, C. 2007. Counting the Cost of Cyber Crime. URL: www.itbusinessedge.com. Dated 6/18/07.

Ogut, H., S. Raghunathan, and N. Menon. 2005. Cyber Insurance and IT Security Investment: Impact of Interdependent Risk. In WEIS. Harvard University, Boston.

Ross, S., R. Westerfield, J. Jaffe, and B. D. Jordan. 2008. Modern Financial Management. Eigth edition ed: Mc-Graw Hill.

Rue, R., S. L. Pfleeger, and D. Ortiz. 2007. A Framework for Classifying and Comparing Models of Cyber Security Investment to Support Policy and Decision Making. Paper read at Workshop in Economics of Information Security (WEIS), at Pittsburgh, PA.

17 references, page 1 of 2
Powered by OpenAIRE Research Graph
Any information missing or wrong?Report an Issue