Journal
INFORMATION & MANAGEMENT
Volume 52, Issue 1, Pages 123-134Publisher
ELSEVIER
DOI: 10.1016/j.im.2014.10.009
Keywords
Information security management; Security investment decisions; Simulation; System dynamics
Ask authors/readers for more resources
Managing security for information assets is a critically important and challenging task. As organizations provide clients with ubiquitous access to information systems and the frequency and sophistication of security threats grows, the need to provide security assumes greater importance. Effective information security management requires security resources be deployed on multiple fronts, including attack prevention, vulnerability reduction, and threat deterrence. Using a system dynamics model, this study evaluates alternative security management strategies through an investment and security cost lens, to provide managers guidance for security decisions. The results suggest that investing in security detection tools has a higher payoff than does deterrence investment. (C) 2014 Elsevier B.V. All rights reserved.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available