Huseyin Cavusoglu

Learn More
Assessing the value of information technology (IT) security is challenging because of the difficulty of measuring the cost of security breaches. An event-study analysis, using market valuations, was used to assess the impact of security breaches on the market value of breached firms. The information-transfer effect of security breaches (i.e., their effect(More)
A ssessing the return on investment has always been a sticking point for technology investments. Similar to IT productivity paradox [1], Return on Security Investment (ROSI) has become a controversial topic due to immense growth of e-businesses. Defining the value of security investments is challenging. However, it is clear that “security consumers will(More)
Assessing the value of information technology (IT) security investments by firms is a challenging task because of difficulties in the measurement of tangible and intangible benefits. Event study methodology that uses market valuations is a widely used in these cases. We employ the event study methodology to assess the impact of Internet security breaches on(More)
The trend of employing game mechanisms and techniques in non-game contexts, gamification, has dramatically increased in recent years. Gamification can be viewed as a new paradigm for enhancing brand awareness and loyalty, innovation, and online user engagement. With the novelty and potential of gamification, until now there is limited understanding and(More)
T increasing significance of information technology (IT) security to firms is evident from their growing IT security budgets. Firms rely on security technologies such as firewalls and intrusion detection systems (IDSs) to manage IT security risks. Although the literature on the technical aspects of IT security is proliferating, a debate exists in the IT(More)
F are increasingly relying on software to detect fraud in domains such as security, financial services, tax, and auditing. A fundamental problem in using detection software for fraud detection is achieving the optimal balance between the detection and false-positive rates. Many firms use decision theory to address the configuration problem. Decision theory(More)
We examine the implications of a firm outsourcing both (i) security device management which attempts to prevent security breaches and (ii) security monitoring which attempts to detect security breaches to managed security service providers (MSSPs). In the context of security outsourcing, the firm not only faces the traditional moral hazard problem as it(More)
P management is a crucial component of information security management. An important problem within this context from a vendor’s perspective is to determine how to release patches to fix vulnerabilities in its software. From a firm’s perspective, the issue is how to update vulnerable systems with available patches. In this paper, we develop a game-theoretic(More)
Information technology (IT) security has emerged as an important issue in e-commerce. Firms typically employ multiple security technologies such as firewalls and intrusion detection systems (IDS) to secure their IT systems. An assessment of the value of these technologies is crucial for firms to design the optimal architecture. Such assessments are also(More)