Advanced search
Publication Cover
Journal of the Operational Research Society Volume 69, 2018 - Issue 5
Submit an article Journal homepage
366
Views
13
CrossRef citations to date
0
Altmetric
Articles

Comparison of information security decisions under different security and business environments

Yong WuSchool of Management, Xi’an Jiaotong University, Xi’an, China;City University of Hong Kong, Hong Kong, China
,
Gengzhong FengSchool of Management, Xi’an Jiaotong University, Xi’an, ChinaCorrespondence[email protected]
&
Richard Y. K. FungCity University of Hong Kong, Hong Kong, China
Pages 747-761 | Received 01 Aug 2016, Accepted 30 May 2017, Published online: 18 Jan 2018

References

  • Anderson, R., & Moore, T. (2006). The economics of information security. Science, 314(5799), 610–613.
  • Arthur, C. (2011). Sony suffers second data breach with theft of 25 m more user details. Retrieved from https://www.theguardian.com/technology/blog/2011/may/03/sony-data-breach-online-entertainment
  • Bandyopadhyay, T., Jacob, V., & Raghunathan, S. (2010). Information security in networked supply chains: Impact of network vulnerability and supply chain integration on incentives to invest. Information Technology & Management, 11(1), 7–23.
  • Cavusoglu, H., Raghunathan, S., & Yue, W. T. (2008). Decision-theoretic and game-theoretic approaches to IT security investment. Journal of Management Information Systems, 25(2), 281–304.
  • Gal-Or, E., & Ghose, A. (2005). The economic incentives for sharing security information. Information Systems Research, 16(2), 186–208.
  • Gao, X., & Zhong, W. (2015). Information security investment for competitive firms with hacker behavior and security requirements. Annals of Operations Research, 235(1), 277–300.
  • Gao, X., & Zhong, W. (2016). A differential game approach to security investment and information sharing in a competitive environment. IIE Transactions, 48(6), 511–526.
  • Gao, X., Zhong, W., & Mei, S. (2015). Security investment and information sharing under an alternative security breach probability function. Information Systems Frontiers, 17(2), 423–438.
  • Gao, X., Zhong, W. J., & Mei, S. E. (2014). A game-theoretic analysis of information sharing and security investment for complementary firms. Journal of the Operational Research Society, 65(11), 1682–1691.
  • Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM Transactions on Information and System Security, 5(4), 438–457.
  • Gordon, L. A., Loeb, M. P., & Lucyshyn, W. (2003). Sharing information on computer systems security: An economic analysis. Journal of Accounting and Public Policy, 22(6), 461–485.
  • Hausken, K. (2006). Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability. Information Systems Frontiers, 8(5), 338–349.
  • Hausken, K. (2007). Information sharing among firms and cyber attacks. Journal of Accounting and Public Policy, 26(6), 639–688.
  • Hausken, K. (2010). Risk, production and conflict when utilities are as if certain. International Journal of Decision Sciences, Risk and Management, 2(3–4), 228–251.
  • Hausken, K. (2011). Production, safety, exchange, and risk. International Journal of Business Continuity and Risk Management, 2(4), 346–350.
  • Hausken, K. (2012). Production versus safety in a risky competitive industry. International Journal of Decision Sciences, Risk and Management, 4(1–2), 92–107.
  • Hausken, K. (2014). Returns to information security investment: Endogenizing the expected loss. Information Systems Frontiers, 16(2), 329–336.
  • Huang, C. D., Hu, Q., & Behara, R. S. (2008). An economic analysis of the optimal information security investment in the case of a risk-averse firm. International Journal of Production Economics, 114(2), 793–804.
  • Kallberg, J. G., & Udell, G. F. (2003). The value of private sector business credit information sharing: The US case. Journal of Banking & Finance, 27(3), 449–469.
  • Kirby, A. J. (1988). Trade associations as information exchange mechanisms. The RAND Journal of Economics, 19(1), 138–146.
  • Krebs, B. (2014). Email attack on vendor set up breach at target. Retrieved from http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target
  • Kunreuther, H., & Heal, G. (2003). Interdependent security. Journal of Risk and Uncertainty, 26(2–3), 231–249.
  • Lee, C. H., Geng, X. J., & Raghunathan, S. (2013). Contracting information security in the presence of double moral hazard. Information Systems Research, 24(2), 295–311.
  • Lee, C. H., Geng, X. J., & Raghunathan, S. (2016). Mandatory standards and organizational information security. Information Systems Research, 27(1), 70–86.
  • McGrath, M. (2014). Target profit falls 46% on credit card breach and the hits could keep on coming. Retrieved from http://www.forbes.com/sites/maggiemcgrath/2014/02/26/target-profit-falls-46-on-credit-card-breach-and-says-the-hits-could-keep-on-coming
  • Novshek, W., & Sonnenschein, H. (1982). Fulfilled expectations Cournot duopoly with information acquisition and release. The Bell Journal of Economics, 13(1), 214–218.
  • Ponemon, L. (2015). Cost of data breach study: Global analysis. Retrieved from http://www.ponemon.org/blog/2015-cost-of-data-breach-global
  • Schlosser, A. E., White, T. B., & Lloyd, S. M. (2006). Converting web site visitors into buyers: How web site investment increases consumer trusting beliefs and online purchase intentions. Journal of Marketing, 70(2), 133–148.
  • Tanaka, H., Matsuura, K., & Sudoh, O. (2005). Vulnerability and information security investment: An empirical analysis of e-local government in Japan. Journal of Accounting and Public Policy, 24(1), 37–59.
  • Vijayan, J. (2008). Changes to PCI standard not expected to up ante on protecting payment card data, computerworld. Retrieved August 20, from http://www.computerworld.com/s/article/9113104

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.