Abstract

Extensions of the Gordon-Loeb [1] and the Gordon-Loeb-Lucyshyn-Zhou [2] models are presented based on mathematical equivalency with a generalized homeland security model. The extensions include limitations on changes in the probability of attack, simultaneous effects on probability and loss, diversion of attack, and shared non-information defenses. Legal cases are then investigated to assess approximate magnitudes of external effects and the extent to which they are internalized by the legal system.

Highlights

  • The most pressing cyberthreats once came from emailed viruses, but today’s cyberattacks increasingly take the form of massive identity and intellectual property thefts and the potential for physical damage to critical infrastructure

  • Security and investment concerns modeled by these extensions include: 1) Multiple sites with a budget constraint: The primary difference compared to GL and GLLZ is inclusion of the shadow price of the constraint

  • GL thoroughly developed an influential model of cyber-security investment with important implications for the size of cybersecurity investment

Summary

Introduction

The most pressing cyberthreats once came from emailed viruses, but today’s cyberattacks increasingly take the form of massive identity and intellectual property thefts and the potential for physical damage to critical infrastructure. Gordon and Loeb (GL) [1] and, later, Gordon, Loeb, Lucyshyn and Zhou (GLLZ) [2] are leaders in examining the optimal level of spending that organizations should invest in cybersecurity. Their approach uses an unconstrained expected profit maximization model where cybersecurity investments are separable from other activities of the firm. The optimum (interior) investment is found where the incremental benefits of information security equal the incremental costs. A review of legal cases involving cybersecurity breaches is used to assess the implications of including external costs in the optimal investment model.
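
The interior optimum described above, worked through as an added example (not code from the paper). It assumes GL's class-I breach probability function S(z, v) = v / (alpha*z + 1)^beta, which this page does not state, and the parameter values are constructed for illustration.

```python
import math

# Assumed functional form (GL's class-I breach probability, not given on this page):
#   S(z, v) = v / (alpha*z + 1)**beta
# v = breach probability with no investment, z = investment, loss = loss if breached.

def breach_prob(z, v, alpha, beta):
    return v / (alpha * z + 1.0) ** beta

def enbis(z, v, loss, alpha, beta):
    """Expected net benefit: reduction in expected loss minus the investment."""
    return (v - breach_prob(z, v, alpha, beta)) * loss - z

def marginal_benefit(z, v, loss, alpha, beta, h=1.0):
    """Central-difference d/dz of the expected-loss reduction (the incremental benefit)."""
    gain = lambda x: (v - breach_prob(x, v, alpha, beta)) * loss
    return (gain(z + h) - gain(z - h)) / (2.0 * h)

def optimal_investment(v, loss, alpha, beta):
    """Solve marginal benefit = marginal cost (= 1) in closed form.

    The marginal benefit at z = 0 is v*loss*alpha*beta and only falls as z grows,
    so if it is already <= 1 there is no interior optimum and z* = 0.
    """
    k = v * loss * alpha * beta
    if k <= 1.0:
        return 0.0
    return (k ** (1.0 / (beta + 1.0)) - 1.0) / alpha

def gl_upper_bound(v, loss):
    """GL's published ceiling on optimal spending: (1/e) of the expected loss v*loss."""
    return v * loss / math.e

if __name__ == "__main__":
    # Constructed parameters, for illustration only.
    cases = [(0.6, 1_000_000, 1e-5, 1.0), (0.1, 100_000, 1e-5, 1.0)]
    for v, loss, alpha, beta in cases:
        z = optimal_investment(v, loss, alpha, beta)
        print(f"v={v} L={loss}: z*={z:,.0f}  ENBIS={enbis(z, v, loss, alpha, beta):,.0f}"
              f"  bound={gl_upper_bound(v, loss):,.0f}")
```

The second constructed case is a corner solution: the first dollar of investment returns less than a dollar of reduced expected loss, so the optimum is to invest nothing.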

Extensions of the GL and GLLZ Models Using a Homeland Security Model
Maximum Cybersecurity Investments
Summary of Socially Optimum Condition
External Effects: A Legal Analysis
Personal Identity Theft
Intellectual Property Theft
Critical Infrastructure Cyberattacks
Large Losses and Risk Aversion
Findings
Conclusions