4 research outputs found
Prediction Markets: A Systematic Review and Meta-Analysis
Prediction markets (PM) have drawn considerable attention in recent years as a tool for forecasting events. Studies surveying and examining relevant the trends of PM using traditional approaches have been reported in the literature. However, research using meta-analysis to review Prediction markets systems is very limited in Management Information System (MIS). This paper aimed to fill this gap by using Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) method to study Prediction markets trends over the past decades. Our results are as follows. First, we find that shows that more than 64% of academic studies on Prediction markets are published in top journals such as Journal of the Association for Information Systems, Journal of Consumer Research and Information Systems Research. Second, we showed that Prediction markets applications can be can be divided into two groups: internal use PMS and general public usage. Finally, our significant meta-analysis result show that on average prediction markets is 79% more accurate than alternative forecast methods based
Towards a Comprehensive Evidence-Based Approach For Information Security Value Assessment
This thesis is motivated by the goals of understanding in depth which information security value aspects are relevant in real-world business environments and contributing a value-prioritised information security investment decision model suitable for practitioners in the field. Pursuing this goal, we apply a mixed method research approach that combines the analysis of the relevant literature, expert interviews, practitioner survey data and structural equation modelling and multicriteria decision analysis. In the first step, we address the identified terminology gap to clarify the meaning of ‘cyber security’ by analysing authoritative definition sources in the literature and presenting an improved definition distinct from that of ‘information security’. We then investigate the influence of repeated information security breaches on an organisation’s stock market value to benchmark the wider economic impact of such events. We find abnormal returns following a breach event as well as weak statistical significance on abnormal returns for later breach events, confirming that data breaches have a negative impact on organisations. To understand how security practitioners view this topic, we conduct and analyse semi-structured interviews following a grounded theory approach. Our research identifies 15 principles aligned with a conceptual information security investment framework. The key components of this framework such as the business environment, drivers (threat landscape, legal and regulatory) and challenges (cost of security, uncertainty) are found to be a crucial part of value-prioritised information security investment decisions. We verify these findings through a structural model consisting of five latent variables representing key areas in value-focused information security investment decisions. The model shows that security capabilities have the largest direct effect on the value organisations gain from information security investment. In addition, the value outcome is strongly influenced by organisation-specific constructs such as the threat landscape and regulatory requirements, which must therefore be considered when creating security capabilities. By addressing one of the key uncertainty issues, we use a probabilistic topic modelling approach to identify latent security threat prediction topics from a large pool of security predictions publicised in the media. We further verify the prediction outcomes through a survey instrument. The results confirm the feasibility of forecasting notable threat developments in this context, implying that practitioners can use this approach to reduce uncertainty and improve security investment decisions. In the last part of the thesis, we present a multicriteria decision model that combines our results on value-prioritised information security investments in an organisational context. Based on predefined criteria and preferences and by utilising stochastic multicriteria acceptability analysis as the adopted methodology, our model can deal with substantial uncertainty while offering ease of use for practitioners
Recommended from our members
The entangled cyberspace: an integrated approach for predicting cyber-attacks
This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonSignificant studies in cyber defence analysis have predominantly revolved around a single linear analysis of information from a single source of evidence (The Network). These studies were limited in their ability to understand the dynamics of entanglements related to cyber-incidents. This research integrates evidence beyond the network in an attempt to understand and predict phases of the kill-chain across the information space.
This research provides a multi-dimensional phased analysis of the traditional kill-chain model using structural vector autoregressive models. In the ‘Entangled Cyberspace Framework’, each phase of the kill-chain corresponds to a single dimension of the information space based on time observations of certain events. Events are represented as time signals, where each phase is characterised by multiple time signals representing multiple events on that phase. Multiple time signals are analysed using structural models for multiple time series analysis (Vector Auto-Regressive models). At each phase of the kill-chain, we perform a lagged co-integration analysis of events across the information space. This nature of analysis detects hidden entanglements that characterise events in the kill-chain beyond the network. The measured prediction accuracy and error measured at each stage of the experiment represents the usefulness of selected events in characterising the defined stage of the kill-chain.
The entangled cyberspace, in theory, is the fusion of three conceptual foundations: a) A multi-dimensional characterisation of cyberspace, b) A sequential phased model for perpetrating cyber-attacks and c) A structural model for integrating and simultaneously analysing multiple sources of evidence. It starts with the characterisation of the information space into different dimensions of interest. The framework goes further to identify evidence sources across these characterised dimensions and integrates them in the analytical context under consideration (e.g. Malware Injection).
The concrete findings show that our approach and analytical methodology are capable of detecting entanglements when applied to a set of entangled activities across the information space. The findings also prove that activities beyond the network have significant effects on the nature of the unfolding cyber-attack vector. The predictive features of events across the kill-chain were also presented in this research as opinion and emotion drivers on the social dimension, packet data details and social and cultural events on the economic layer. Finally, co-integration detected between events across and within dimensions of the information space proves the existence of both inter-dimensional and intra-dimensional entanglements that affect the nature of events unfolding during the kill-chain (from the adversary’s point of view).
The novelty of this research rests in the ability to hop across the information space for detecting evidential clues of activities that are related-to cyber-incidents. This research also expands the standard multi-dimensional information space to include SPEC factors as indicators of cyber-incidents. This research improves the current information security management model, specifically in the monitoring, analysis and detection phases. This research provides a methodology that accommodates a robust evidence base for understanding the attack surface. Practically, this research provides a basis for creating applications and tools for protecting critical national infrastructure by integrating data from social platforms, real-world political, cultural and economic events and the cyber-physical