Abstract

AbstractWhile technology is important, organizational and human factors also play a crucial role in achieving information security. In this paper we develop a system dynamics model of the interplay between technical and behavioral security factors, along with their impact on business value of an organization's IT infrastructure. The model captures delays associated with perception of security risk, the mechanics of user compliance and the mechanics of risk mitigation achieved by investments in security technology and user training. These structural model components interact to mediate the impact of security incidents on the business value generated by information technology enabled transactions. The model reveals the dynamics of erosion in and recovery of business value resulting from security incidents. Experiments with the model suggest that information security drills, analogous to fire drills, may be useful in maintaining user compliance, in addition to usual training and awareness activities. Among the management policy parameters examined, we find that improvement in realized business value is statistically significant for the minimum security risk the firm is willing to accept, and the proportion of security‐related investment spent on security technology versus security training and awareness. We also discuss how our model can be extended to help justify an organization's investments in information security, an objective that has been notoriously difficult to achieve in practice. Copyright © 2008 John Wiley & Sons, Ltd.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
How does overconfidence affect information security investment and information security performance?
Kunxiang Dong ... Zongxiao Xie
Enterprise Information Systems | VOL. 15
Kunxiang Dong, et. al.Kunxiang Dong ... Zongxiao Xie
19 Jul 2019
Expanding the Gordon-Loeb model to cyber-insurance
Henry R.K Skeoch
Computers & Security | VOL. 112
Henry R.K SkeochHenry R.K Skeoch
08 Nov 2021
Valuing Information Security Investment: A Real Options Approach
Jun Wan ... Yunfei Ren
-
Jun Wan, et. al.Jun Wan ... Yunfei Ren
01 Aug 2012
Basics of computer modeling of economic evaluation of investments in information security
V N Solyanoy
Informacionno-technologicheskij vestnik | VOL. 13
V N SolyanoyV N Solyanoy
30 Sep 2017
View more papers

More From: System Dynamics Review

Paper Title
Journal
Date
Author
Values‐based food procurement: Black farmers and structural racism in New York State
Jessica L Gilbert‐Overland
System Dynamics Review | VOL. -
Jessica L Gilbert‐OverlandJessica L Gilbert‐Overland
24 Jul 2024
Minding the abstraction gap: approaches supporting implementation
Laura J Black ... Donald R Greer
System Dynamics Review | VOL. -
Laura J Black, et. al.Laura J Black ... Donald R Greer
24 Jul 2024
Developing theoretically grounded causal maps to examine and improve policy narratives about global challenges
Raquel Froese Buzogany ... Paulo Gonçalves
System Dynamics Review | VOL. -
Raquel Froese Buzogany, et. al.Raquel Froese Buzogany ... Paulo Gonçalves
15 Jul 2024
Using system dynamics to support a functional exercise for pandemic preparedness and response
Caroline Green ... Clara Spieker
System Dynamics Review | VOL. -
Caroline Green, et. al.Caroline Green ... Clara Spieker
09 Jul 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.