Description

This paper analyzes the information security investment decisions of a firm with two correlated information assets. When information assets are correlated, a firm may face additional losses compared to the loss from a single breach, and the probability of a security breach on one set may increase the probability on the other. We model the security investment of a risk-taking firm as well as a risk-neutral firm by taking an expected utility approach. We will then compare the decisions made by a risk-taking firm to those taken by a risk-neutral firm. We will also determine the optimal manner in which a decision maker allocates funds to protecting two information sets given a limited budget.


Information Security Investment: Expected Utility Approach with Correlated Information Assets
