An Overview of Economic Approaches to Information Security Management

The increasing concerns of clients, particularly in online commerce, plus the impact of legislations on information security have compelled companies to put more resources in information security. As a result, senior managers in many organizations are now expressing a much greater interest in information security. However, the largest body of research related to preventing breaches is technical, focusing on such issues as encryption and access control. In contrast, research related to the economic aspects of information security is small but rapidly growing. The goal of this technical note is twofold: i) to provide the reader with an structured overview of the economic approaches to information security and ii) to identify potential research directions

Risk mitigation decisions for it security

Enterprises must manage their information risk as part of their larger operational risk management program. Managers must choose how to control for such information risk. This article defines the flow risk reduction problem and presents a formal model using a workflow framework. Three different control placement methods are introduced to solve the problem, and a comparative analysis is presented using a robust test set of 162 simulations. One year of simulated attacks is used to validate the quality of the solutions. We find that the math programming control placement method yields substantial improvements in terms of risk reduction and risk reduction on investment when compared to heuristics that would typically be used by managers to solve the problem. The contribution of this research is to provide managers with methods to substantially reduce information and security risks, while obtaining significantly better returns on their security investments. By using a workflow approach to control placement, which guides the manager to examine the entire infrastructure in a holistic manner, this research is unique in that it enables information risk to be examined strategically. © 2014 ACM

Selecting Cloud Deployment Model Using a Delphi Analytic Hierarchy Process (DAHP)

Cloud computing is a significant paradigm shift in information technology (IT) service offerings that has been receiving enormous attention in academic and IT industry. Recent years has seen exponential growth in cloud use adoption, where many organizations are moving their IT resources into cloud due to flexibility and low-cost. However, on account of rapid innovation and growth in cloud technologies and service providers, selecting the right cloud services, provider and strategy is becoming increasing a common challenge to organization during cloud adoption. In an attempt to address this challenge, we propose application of Delphi Analytic Hierarchy Process (DAHP) method in selecting cloud deployment model. There are several cloud deployment models and organizations must identify the right model that best suits their business needs. The proposed approach facilitates a collaborative decision making process, consisting a number of decision makers whom, with consensus facilitated by the DAHP process, identifies feasible approaches, decision making factors and ultimate selection of a cloud deployment model alternative that is based on organizational business needs and capabilities. The DAHP process is illustrated by a means of a case study. The DAHP result analysis, as was illustrated in the case study, helps in explaining and justifying the choice selected as the best cloud deployment model

The ecological system of innovation: A new architectural framework for a functional evidence-based platform for science and innovation policy

Models on innovation, for the most part, do not include a comprehensive and end-to-end view. Most innovation policy attention seems to be focused on the capacity to innovate and on input factors such as R&D investment, scientific institutions, human resources and capital. Such inputs frequently serve as proxies for innovativeness and are correlated with intermediate outputs such as patent counts and outcomes such as GDP per capita. While this kind of analysis is generally indicative of innovative behaviour, it is less useful in terms of discriminating causality and what drives successful strategy or public policy interventions. This situation has led to the developing of new frameworks for the innovation system led by National Science and Technology Policy Centres across the globe. These new models of innovation are variously referred to as the National Innovation Ecosystem. There is, however, a fundamental question that needs to be answered: what elements should an innovation policy include, and how should such policies be implemented? This paper attempts to answer this question.Innovation; Delphi Method; Balanced Scorecard; Quadruple Helix Theory; Analytic Hierarchy Process; Ecological System of Innovation, Framework, Systems Dynamics

A web-based multi-perspective decision support system for information security planning

With the increasing exposure and vulnerability to cyber attacks, it becomes necessary to develop methodologies and systems that are capable of dealing with the complex and multifaceted nature of decision situations encountered in security planning and management. In this paper we present the theoretical basis, architecture and design of a web-based multi-perspective decision support system (DSS) and an underlying decision multi-criteria decision framework that is consistent with security and decision theory. The system is illustrated through a multi-stakeholder scenario that captures the complexity encountered in a multi-criteria security control selection decision problem

A Framework for IT Investment Evaluation in Emerging Economies

This paper proposes a framework for evaluating information technology investments. The proposed framework integrates value chain analysis with fuzzy logic, activity based costing, and multi-criteria decision analysis. This framework should be particularly useful for organizations in emerging economies, where an uncertain business environment is often combined with a lack of dependable, historical accounting data

Private Property Vehicles: The Valuation of Interests in Limited Partnerships

This paper examines the extent to which the valuation of partial interests in private property vehicles should be closely aligned to the valuation of the underlying assets.    A sample of vehicle managers and investors replied to a questionnaire on the qualities of private property vehicles relative to direct property investment. Applying the Analytic Hierarchy Process (AHP) technique the relative importance of the various advantages and disadvantages of investment in private property vehicles relative to acquisition of the underlying assets are assessed.  The results suggest that the main drivers of the growth of the this sector have been the ability for certain categories of investor to acquire interests in assets that are normally inaccessible due to the amount of specific risk.  Additionally, investors have been attracted by the ability to ‘outsource’ asset management in a manner that minimises perceived agency problems.  It is concluded that deviations from NAV should be expected given that investment in private property vehicles differs from investment in the underlying assets in terms of liquidity, management structures, lot size, financial structure inter alia.  However, reliably appraising the pricing implications of these variations is likely to be extremely difficult due to the lack of secondary market trading and vehicle heterogeneity. Private Property Vehicles, PPV, Valuation