1Tanaka H, Matsuura K, Sudoh O. Vulnerability and information security investment: An empirical analysis of e-local government in Japan [J]. Journal of Accounting and Public Policy, 2005, 24 ( 1 ) : 37- 59.
2Gupta M. Matching information security vulnerabilities to organizational security profiles: A genetic algorithm approach [J]. Decision Support Systems, 2006, 41(3) : 592-603.
3Cavusoglu H, Cavusoglu H, Zhang J. Security patch management: Share the burden or share the damage? [J]. Management Science, 2008, 54(4): 657-670.
4Cavusoglu H, Raghunathan S, Cavusoglu H. Configuration of and interaction between information security technologies., the case of firewalls and intrusion detection systems [J]. Information Systems Research, 2009, 20(2): 198-217.
5XIA Zheng-you, ZHANG Shi-yong. A kind of network security behavior model based on game theory [C] // Parallel and Distributed Computing, Applications and Technologies, PDCAT 2003 Proceedings. Los Alamitos : IEEE Computer Society, 2003:950-954.
6Cavusoglu C, Mishra B, Raghunathan S. The value of intrusion detection systems in information technology security architecture [J]. Information Systems Research, 2005, 16(1):28-46.
7Yue W T, Cakanyildirim M. Intrusion prevention in information systems: Reactive and proactive responses [J]. Journal of Management Information Systems, 2007, 24(1):329-353.
8Ogut H, Cavusoglu H, Raghunathan S. Intrusion- detection policies for IT security breaches [J]. INFORMS Journal on Computing, 2008, 20(1) : 112- 123.
9August T, Tunca T I. Network software security and user incentives [J]. Management Science, 2006, 52(11) : 1703-1720.
10Rubel P, Ihde M, Harp S, et al. Generating policies for defense in depth [C] // Proceedings - 21st Annual Computer Security Applications Conference, ACSAC 2005. Los Alamitos: IEEE Computer Society, 2005 : 505-514.
