Loading...
Thumbnail Image
Publication

Managing Information Security Investments Under Uncertainty: Optimal Policies for Technology Investment and Information Sharing

Citations
Altmetric:
Abstract
Information systems are an integral part of today's business environment. Businesses, government organizations, and the society rely on these systems for various transactions, most of which have huge financial implications. Hence, attacks that breach information systems result in interruption of operations, loss of data and customer confidence, constituting a significant threat to firms. The losses due to attacks on information systems can be mitigated through investments in information security technologies and services. In this thesis we study three practical problems related to information system security investment management: (1) Optimal policies for technology investment in information system security; (2) Optimal policies for information sharing in information system security; and (3) Asymmetric information sharing in information system security. We believe that firms can benefit from this work either through direct implementation for specific guidance, or through indirect use of several policy results obtained. An important characteristic of this studies is that we build this models by using real-world data through survey to information system security practitioners. As one of the few studies on information system security investment management through operations management approaches, this work also set the first step for futures studies on related topics that can be explored by researchers in the field of management science.
Type
dissertation
Date
2019-02
Publisher
Advisors
License
License