Description
This paper analyzes the information security investment decisions by a firm with two correlated information assets. When information assets are correlated, a firm may face additional losses compared to a loss from a single breach, and the probability of security breach on one set may increase the probability on the other. We model the security investment of a risk-taking firm as well as risk-neutral firm by taking an expected utility approach. We will then compare the decisions made by a risk-taking firm to those taken by a risk-neutral firm. We will also determine the optimal manner in which a decision maker allocates funds to protecting two information sets given a limited budget.
Recommended Citation
Mayadunne, Sanjaya and Park, SungJune, "Information Security Investment: Expected Utility Approach with Correlated Information Assets" (2015). AMCIS 2015 Proceedings. 42.
https://aisel.aisnet.org/amcis2015/ISSecurity/GeneralPresentations/42
Information Security Investment: Expected Utility Approach with Correlated Information Assets
This paper analyzes the information security investment decisions by a firm with two correlated information assets. When information assets are correlated, a firm may face additional losses compared to a loss from a single breach, and the probability of security breach on one set may increase the probability on the other. We model the security investment of a risk-taking firm as well as risk-neutral firm by taking an expected utility approach. We will then compare the decisions made by a risk-taking firm to those taken by a risk-neutral firm. We will also determine the optimal manner in which a decision maker allocates funds to protecting two information sets given a limited budget.