This paper provides an analysis of how the benefits of information segmentation can assist an organization to derive the appropriate amount to invest in cybersecurity from a cost-benefit perspective. An analytical mod...This paper provides an analysis of how the benefits of information segmentation can assist an organization to derive the appropriate amount to invest in cybersecurity from a cost-benefit perspective. An analytical model based on the framework of the Gordon-Loeb Model (<span><span><span style="font-family:Verdana;">[1]</span><span></span></span></span><span><span></span></span><span></span><span><span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">) is presented that provides a set of sufficient conditions for information segmentation to lower the total investments in cybersecurity and the expected loss from cybersecurity breaches. A numerical example illustrating the insights gained from the model is also presented.</span></span></span>展开更多
Loyalty program (LP) is a popular marketing activity of enterprises. As a result of firms’ effort to increase customers’ loyalty, point exchange or redemption services are now available worldwide. These services att...Loyalty program (LP) is a popular marketing activity of enterprises. As a result of firms’ effort to increase customers’ loyalty, point exchange or redemption services are now available worldwide. These services attract not only customers but also attackers. In pioneering research, which first focused on this LP security problem, an empirical analysis based on Japanese data is shown to see the effects of LP-point liquidity on damages caused by security incidents. We revisit the empirical models in which the choice of variables is inspired by the Gordon-Loeb formulation of security investment: damage, investment, vulnerability, and threat. The liquidity of LP points corresponds to the threat in the formulation and plays an important role in the empirical study because it particularly captures the feature of LP networks. However, the actual proxy used in the former study is artificial. In this paper, we reconsider the liquidity definition based on a further observation of LP security incidents. By using newly defined proxies corresponding to the threat as well as other refined proxies, we test hypotheses to derive more implications that help LP operators to manage partnerships;the implications are consistent with recent changes in the LP network. Thus we can see the impacts of security investment models include a wider range of empirical studies.展开更多
Given the importance of cybersecurity to the survival of an organization, a fundamental economics-based question that must be addressed by all organizations is: How much should be invested in cybersecurity related act...Given the importance of cybersecurity to the survival of an organization, a fundamental economics-based question that must be addressed by all organizations is: How much should be invested in cybersecurity related activities? Gordon and Loeb [1] presented a model to address this question, and that model has received a significant amount of attention in the academic and practitioner literature. The primary objective of this paper is to discuss the Gordon-Loeb Model with a focus on gaining insights for the model’s use in a practical setting.展开更多
文摘This paper provides an analysis of how the benefits of information segmentation can assist an organization to derive the appropriate amount to invest in cybersecurity from a cost-benefit perspective. An analytical model based on the framework of the Gordon-Loeb Model (<span><span><span style="font-family:Verdana;">[1]</span><span></span></span></span><span><span></span></span><span></span><span><span></span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">) is presented that provides a set of sufficient conditions for information segmentation to lower the total investments in cybersecurity and the expected loss from cybersecurity breaches. A numerical example illustrating the insights gained from the model is also presented.</span></span></span>
文摘Loyalty program (LP) is a popular marketing activity of enterprises. As a result of firms’ effort to increase customers’ loyalty, point exchange or redemption services are now available worldwide. These services attract not only customers but also attackers. In pioneering research, which first focused on this LP security problem, an empirical analysis based on Japanese data is shown to see the effects of LP-point liquidity on damages caused by security incidents. We revisit the empirical models in which the choice of variables is inspired by the Gordon-Loeb formulation of security investment: damage, investment, vulnerability, and threat. The liquidity of LP points corresponds to the threat in the formulation and plays an important role in the empirical study because it particularly captures the feature of LP networks. However, the actual proxy used in the former study is artificial. In this paper, we reconsider the liquidity definition based on a further observation of LP security incidents. By using newly defined proxies corresponding to the threat as well as other refined proxies, we test hypotheses to derive more implications that help LP operators to manage partnerships;the implications are consistent with recent changes in the LP network. Thus we can see the impacts of security investment models include a wider range of empirical studies.
文摘Given the importance of cybersecurity to the survival of an organization, a fundamental economics-based question that must be addressed by all organizations is: How much should be invested in cybersecurity related activities? Gordon and Loeb [1] presented a model to address this question, and that model has received a significant amount of attention in the academic and practitioner literature. The primary objective of this paper is to discuss the Gordon-Loeb Model with a focus on gaining insights for the model’s use in a practical setting.
