Abstract
AbstractWe propose a model that optimizes enterprise investments in cybersecurity using expected utility theory. The model allows computing (a) investment in self‐defense to reduce the risk of security breaches, (b) investment in cyber insurance to transfer the residual risk to insurance companies, and (c) investment in forensic readiness to make the insured firms capable of generating provable insurance claims about security breaches. A three‐phase–based model of vulnerability rate evolution over time is proposed and used to estimate the different planned security expenditures throughout the investment horizon. At the starting time of investment, a decision maker invests to cover the existing risk of breach and periodically spends to cover the additional risk observed due to the release of new vulnerabilities. In this work, the intermediate tranches are determined while considering three different attitudes of decision makers, namely, optimistic, pessimistic, and realistic. An analysis is conducted to assess the performance of the proposed models.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Applied Stochastic Models in Business and Industry
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
