
Cyber-risk decision models

Published: 01 December 2013
  Abstract

    Security breaches adversely impact the profit margins, market capitalization and brand image of an organization. Global organizations resort to technological devices to reduce the frequency of security breaches. To minimize the impact of financial losses from security breaches, we advocate the use of cyber-insurance products. This paper proposes models to help firms decide on the utility of cyber-insurance products and to what extent they can use them. We propose a Copula-aided Bayesian Belief Network (CBBN) for cyber-vulnerability assessment (C-VA) and expected loss computation. Taking these as input and using the concepts of collective risk modeling theory, we also compute the premium that a cyber-risk insurer can charge to indemnify cyber losses. Further, to assist cyber-risk insurers in designing products effectively, we propose a utility-based preferential pricing (UBPP) model. UBPP takes into account the risk profile and wealth of the prospective insured firm before proposing the premium.

    Highlights

    • Proposed cyber-risk insurance products to minimize the impact of financial loss from security breaches.
    • Cyber-risk insurance products complement security technology.
    • Our proposed Copula-aided Bayesian Belief Network model helps to assess cyber risk.
    • Collective risk and utility theory are used to compute the premium for cyber-risk insurance products.
    • Cyber-risk models to help organizations decide whether or not to opt for cyber-insurance.
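As an added illustration (not the paper's CBBN or UBPP model, and not code from the authors), the Python sketch below shows the two pricing ingredients the abstract names: an actuarial premium from a collective risk model (a Poisson breach frequency compounded with a per-breach loss distribution, plus a safety loading) and a utility-based maximum premium that depends on the insured firm's wealth and risk aversion, which together give the firm's buy/don't-buy decision. The severity distribution, breach rate, loading and CRRA utility are constructed assumptions.

```python
"""Collective-risk premium vs. utility-based willingness to pay (constructed example)."""
from collections import defaultdict
import math

# Constructed per-breach loss distribution (USD) and breach frequency: hypothetical
# values standing in for a vulnerability-assessment output, not figures from the paper.
SEVERITY = {50_000: 0.70, 500_000: 0.25, 5_000_000: 0.05}
BREACH_RATE = 0.4      # expected breaches per year (Poisson frequency)

def aggregate_loss_dist(rate=BREACH_RATE, severity=SEVERITY, n_max=5):
    """Exact pmf of the annual aggregate loss S under a compound Poisson model with a
    discrete severity: the n-fold convolution of the severity pmf is weighted by the
    Poisson probability of n breaches. Terms with n > n_max are dropped and the pmf
    renormalised (the dropped mass is about 4e-6 for rate 0.4)."""
    n_fold = {0.0: 1.0}                  # pmf of the sum of n losses; n = 0 so far
    agg = defaultdict(float)
    for n in range(n_max + 1):
        p_n = math.exp(-rate) * rate ** n / math.factorial(n)
        for s, p in n_fold.items():
            agg[s] += p_n * p
        nxt = defaultdict(float)         # convolve once more, giving the (n+1)-fold pmf
        for s, p in n_fold.items():
            for x, q in severity.items():
                nxt[s + x] += p * q
        n_fold = nxt
    total = sum(agg.values())
    return {s: p / total for s, p in agg.items()}

def expected_loss(rate=BREACH_RATE, severity=SEVERITY):
    """E[S] = E[N] * E[X] for a compound Poisson model."""
    return rate * sum(x * q for x, q in severity.items())

def loaded_premium(loading, rate=BREACH_RATE, severity=SEVERITY):
    """Insurer's premium: expected aggregate loss plus a proportional safety loading."""
    return expected_loss(rate, severity) * (1 + loading)

def certainty_equivalent(wealth, agg, gamma):
    """Certain wealth the firm values equally to retaining the loss S, under CRRA
    utility u(w) = w^(1-gamma)/(1-gamma) (log utility when gamma = 1). gamma is the
    firm's risk-aversion parameter; wealth must exceed every loss in the pmf."""
    if wealth <= max(agg):
        raise ValueError("wealth must exceed the largest aggregate loss in the pmf")
    if gamma == 1.0:
        return math.exp(sum(p * math.log(wealth - s) for s, p in agg.items()))
    eu = sum(p * (wealth - s) ** (1 - gamma) for s, p in agg.items())
    return eu ** (1 / (1 - gamma))

def max_acceptable_premium(wealth, agg, gamma):
    """Largest premium at which buying full cover is at least as good as retaining S:
    the expected loss plus the firm's risk premium (zero for a risk-neutral firm)."""
    return wealth - certainty_equivalent(wealth, agg, gamma)

def insure_decision(wealth, gamma, loading=0.3):
    """Compare the insurer's loaded premium with what this firm is willing to pay."""
    agg = aggregate_loss_dist()
    premium = loaded_premium(loading)
    willing = max_acceptable_premium(wealth, agg, gamma)
    return {"premium": premium, "max_acceptable": willing, "buy": premium <= willing}

if __name__ == "__main__":
    # Same loss exposure, different wealth and risk profiles.
    for wealth, gamma in [(30e6, 1.0), (30e6, 3.0), (300e6, 3.0)]:
        print(f"wealth={wealth:,.0f} gamma={gamma}: {insure_decision(wealth, gamma)}")
```

Because CRRA utility has decreasing absolute risk aversion, the same loss exposure is worth less in premium to a wealthier firm, which is the wealth dependence the abstract attributes to UBPP.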


    Published In

    Decision Support Systems, Volume 56, Issue C
    December 2013
    524 pages

    Publisher

    Elsevier Science Publishers B. V.

    Netherlands


    Author Tags

    1. Bayesian Belief Network
    2. Copula
    3. Cyber-insurance
    4. Cyber-risk
    5. Premium
    6. Security breach
    7. Utility models

    Qualifiers

    • Research-article

    Cited By

    • (2023) A Mathematical Theory to Price Cyber-Cat Bonds Boosting IT/OT Security. Proceedings of the Winter Simulation Conference, pp. 648-659. doi:10.5555/3643142.3643196. Online publication date: 10-Dec-2023.
    • (2023) How Hard Is Cyber-risk Management in IT/OT Systems? A Theory to Classify and Conquer Hardness of Insuring ICSs. ACM Transactions on Cyber-Physical Systems, 6(4), pp. 1-31. doi:10.1145/3568399. Online publication date: 6-Jan-2023.
    • (2022) A Markov-Based Model for Information Security Risk Assessment in Healthcare MANETs. Information Systems Frontiers, 21(5), pp. 959-977. doi:10.1007/s10796-017-9809-4. Online publication date: 10-Mar-2022.
    • (2021) Will Catastrophic Cyber-Risk Aggregation Thrive in the IoT Age? A Cautionary Economics Tale for (Re-)Insurers and Likes. ACM Transactions on Management Information Systems, 12(2), pp. 1-36. doi:10.1145/3446635. Online publication date: 25-May-2021.
    • (2021) A Framework for Predicting Data Breach Risk: Leveraging Dependence to Cope With Sparsity. IEEE Transactions on Information Forensics and Security, 16, pp. 2186-2201. doi:10.1109/TIFS.2021.3051804. Online publication date: 1-Jan-2021.
    • (2019) Cyber Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for Cyber Insurance. Information Systems Frontiers, 21(5), pp. 997-1018. doi:10.1007/s10796-017-9808-5. Online publication date: 1-Oct-2019.
    • (2018) A binary risk decision method based on quantum decision theory. Journal of Intelligent & Fuzzy Systems: Applications in Engineering and Technology, 35(1), pp. 663-671. doi:10.3233/JIFS-16495. Online publication date: 1-Jan-2018.
    • (2017) Cyber Attacks, Contributing Factors, and Tackling Strategies. International Journal of Cyber Behavior, Psychology and Learning, 7(4), pp. 68-82. doi:10.4018/IJCBPL.2017100106. Online publication date: 1-Oct-2017.
    • (2017) A framework for secure IT operations in an uncertain and changing environment. Computers and Operations Research, 85(C), pp. 139-153. doi:10.1016/j.cor.2017.04.008. Online publication date: 1-Sep-2017.
    • (2017) Economic valuation for information security investment. Information Systems Frontiers, 19(5), pp. 1205-1228. doi:10.1007/s10796-016-9648-8. Online publication date: 1-Oct-2017.