Effect of security investment strategy on the business value of managed security service providers

被引：9

作者：

Feng, Nan ^{[1
]}

Wang, Meiyun ^{[1
]}

Li, Minqiang ^{[1
]}

Li, Dahui ^{[2
]}

机构：

[1] Tianjin Univ, Coll Management & Econ, Tianjin 300072, Peoples R China

[2] Univ Minnesota Duluth, Labovitz Sch Business & Econ, Duluth, MN 55812 USA

来源：

ELECTRONIC COMMERCE RESEARCH AND APPLICATIONS | 2019年 / 35卷

基金：

中国国家自然科学基金;

关键词：

Managed security service; Security investment; Business value; System dynamics; INFORMATION-SECURITY; E-COMMERCE; DYNAMICS; MODEL; RETURNS; SYSTEMS; GAME;

D O I：

10.1016/j.elerap.2019.100843

中图分类号：

F [经济];

学科分类号：

02 ;

摘要：

Managed security service providers (MSSPs) have long provided clients with cost-effective methods and professional solutions for addressing issues related to information security. MSSPs provide three categories of security services, namely, prevention, detection, and response, to satisfy their clients' security requirements and realize business value. This study develops a system dynamics model of the correlation between the security investment strategies of an MSSP and the effect of its business value. Simulations under opportunistic and targeted attacks are performed to discuss the effects of the various security investment strategies of an MSSP on its business value. The study results indicate that investing in prevention has a stronger effect on the business value of an MSSP than investing in detection and response and that security investments on opportunistic attacks are more efficient than those on targeted attacks. Sensitivity analysis shows the robustness of the system dynamics model proposed in this study.

引用

页数：16

共 50 条

[31] Security Certification for Service-Based Business Ecosystems
Lotz, Volkmar
Di Cerbo, Francesco
Bezzi, Michele
Kaluvuri, Samuel Paul
Sabetta, Antonino
Trabelsi, Slim
COMPUTER JOURNAL, 2015, 58 (04): : 709 - 723
[32] The impact of supply chain security practices on security operational performance among logistics service providers in an emerging economy Security culture as moderator
Zailani, Suhaiza Hanim
Subaramaniam, Karthigesu Seva
Iranmanesh, Mohammad
Shaharudin, Mohd Rizaimy
INTERNATIONAL JOURNAL OF PHYSICAL DISTRIBUTION & LOGISTICS MANAGEMENT, 2015, 45 (07) : 652 - 673
[33] Maximizing business information security's educational value
Grimaila, MR
IEEE SECURITY & PRIVACY, 2004, 2 (01) : 56 - 60
[34] Servitization in a Security Business: Changing the Logic of Value Creation
Rajala, Arto
Westerlund, Mika
Murtonen, Mervi
Starck, Kim
TECHNOLOGY INNOVATION MANAGEMENT REVIEW, 2013, : 65 - 72
[35] A Study on National Mining Investment Security Analysis for the Overseas Mineral Resources Investment Business
Ko, Eun-Mi
Choi, Soen-Gyu
Kim, Chang Seong
Kim, Seong-Yong
Pak, Sang Joon
ECONOMIC AND ENVIRONMENTAL GEOLOGY, 2008, 41 (05): : 475 - 484
[36] Investment Strategy Analysis of Information Systems with Different Security Levels
Pan, Chongxia
Zhong, Weijun
Mei, Shu-E
2017 IEEE 2ND INTERNATIONAL CONFERENCE ON BIG DATA ANALYSIS (ICBDA), 2017, : 703 - 708
[37] GROWTH-SECURITY INVESTMENT STRATEGY FOR LONG AND SHORT RUNS
LI, YM
MANAGEMENT SCIENCE, 1993, 39 (08) : 915 - 924
[38] Cyber Security Operations Centre Security Monitoring for protecting Business and supporting Cyber Defense Strategy
Onwubiko, Cyril
2015 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2015,
[39] Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability
Kjell Hausken
Information Systems Frontiers, 2006, 8 : 338 - 349
[40] Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability
Hausken, Kjell
INFORMATION SYSTEMS FRONTIERS, 2006, 8 (05) : 338 - 349

← 1 2 3 4 5 →