Optimal Information Security Architecture for the Enterprise

Vineet Kumar, Harvard Business School
Rahul Telang, Carnegie Mellon University - H. John Heinz III School of Public Policy and Management
Tridas Mukhopadhyay, Carnegie Mellon University - David A. Tepper School of Business

January 1, 2008

Abstract: Information security is growing to be an IT priority for many firms, but several critical dimensions of enterprise security, like type of loss or strategic effects of countermeasures, have received little attention in the economics-based literature. We develop a model of a contagious threat that can attack multiple divisions of a firm's enterprise network and cause both availability and confidentiality losses. Firms commonly deploy countermeasures to mitigate the harmful effects of threats. Such deployment is complicated by the CIO's lack of information on the information systems of the divisions and by the differing goals of division managers. In this setting, we model the business process and interconnectivity requirements of the enterprise and demonstrate how to optimally design the security architecture, which consists of protection, recovery and cryptographic measures. We evaluate commonly suggested mechanisms like subsidies and liability and find that they are inadequate as well as informationally demanding. To remedy these problems, which directly impact practitioners, we derive mechanisms that have no ex-post informational requirements and are easily implementable for both availability and confidentiality losses. Some of our results are counterintuitive, notably that countermeasures can be overdeployed by division managers and that having a single platform for all divisions can decrease unexpected confidentiality losses.
Number of Pages in PDF File: 43

Keywords: Information Security, Availability Losses, Confidentiality Losses, Enterprise Security Architecture

Working papers series

Date posted: January 23, 2008
© 2013 Social Science Electronic Publishing, Inc. All Rights Reserved.