- Full text PDF available (13)
We develop and simulate a dynamic model of investment in information security. The model is based on the recognition that both IT managers and users appreciate the trade-off between two of the fundamental characteristics of information security, namely confidentiality and availability. The model's parameters can be clustered in a manner that allows us to… (More)
This paper addresses the question of determining the optimal timing of interventions in information security management. Using utility theory, we derive the limiting condition under which, given a potential or realized risk, a decision to invest, delay, or abandon can be justified. Our primary focus is on the decision to defer costly deterministic… (More)
We develop and simulate a basic mathematical model of the costly deployment of software patches in the presence of trade-offs between confidentiality and availability. The model incorporates representations of the key aspects of the system architecture, the managers' preferences, and the stochastic nature of the threat environment. Using the model, we… (More)
The concept of stewardship in environmental economics is an established tool for environmental and natural resource management and the mitigation of risk from climate change. Similar concepts are well-established in accounting and management. Despite the ubiquity of the concept of stewardship, there is no generally accepted definition. We define the… (More)
Interviews about emerging cybersecurity threats and a cybersecurity public policy economic model for civil aviation illustrate stakeholders' concerns: interdependency issues can lead to aviation regulations that put smaller airports at a disadvantage.
2 Executive Summary Why Study KISAs This report is about Knowledge Intensive Service Activities (KISAs) in the New Zealand software industry. A KISA is an expert service that firms use to enhance the value of their existing activities. Innovation is one such activity that uses KISAs. Understanding how firms access and use the variety of innovation-related… (More)
Security managers face the challenge of formulating and implementing policies that deliver their desired system security postures — for example, their preferred balance of confidentiality, integrity, and availability — within budget (monetary and otherwise). In this paper, we describe a security modelling methodology, grounded in rigorous mathematical… (More)