Vulnerability and Information Security Investment Under Interdependent Risks: A Theoretical Approach

18 Pages Posted: 4 May 2011

See all articles by Woohyun Shim

Woohyun Shim

University of Trento; Michigan State University - Department of Telecommunication

Date Written: May 4, 2011

Abstract

This article develops an economic model that shows the optimal level of information security investment in the context of interdependent security risks. Using particular functional forms, the analysis shows that the relationship between the security vulnerability level and the level of optimal information security investment is affected by externalities caused by agents’ correlated security risks. This article further illustrates that these externalities make an agent invest a different fraction of the expected loss compared to security investments in the situation of independent security risks: that is, in order to maximize the expected benefits from security investments, an agent should invest a larger fraction of the expected loss from a security breach in the case of negative externalities, while an agent should spend a smaller fraction of the expected loss in the case of negative externalities.

Keywords: interdependent security risk, security investment, security vulnerability, externality

Suggested Citation

Shim, Woohyun, Vulnerability and Information Security Investment Under Interdependent Risks: A Theoretical Approach (May 4, 2011). Available at SSRN: https://ssrn.com/abstract=1830804 or http://dx.doi.org/10.2139/ssrn.1830804

Woohyun Shim (Contact Author)

University of Trento ( email )

Via Sommarive 14
Trento, TN Trento 38123
Italy

Michigan State University - Department of Telecommunication ( email )

409 Communication Arts & Sciences Building
East Lansing, MI 48824-1212
United States

Register to save articles to
your library

Register

Paper statistics

Downloads
71
Abstract Views
473
rank
327,137
PlumX Metrics