Abstract
Proper investment in information systems security can protect national critical information systems. This research compares the optimal investment decision for organizations to protect themselves from common hackers and from cyber terrorists. A two-stage stochastic game model is proposed to model cyber terrorism activities as well as common hacking activities. The results of our specific simulation indicate that an optimal investment exists for games such as cyber crimes, and that the potential maximum loss to organizations from cyber terrorism is about fifty times more than from common hackers. This research can also be generalized to other practical fields such as financial fraud prevention. To the best of our knowledge, our approach is a novel approach that combines economic theory, deterrence theory, and IS security to explore the cyber terrorism problem.
Recommended Citation
Hua, Jian and Bapna, Sanjay, "Optimal IS Security Investment: Cyber Terrorism vs. Common Hacking" (2011). ICIS 2011 Proceedings. 4.
https://aisel.aisnet.org/icis2011/proceedings/ISsecurity/4
Optimal IS Security Investment: Cyber Terrorism vs. Common Hacking
Proper investment in information systems security can protect national critical information systems. This research compares the optimal investment decision for organizations to protect themselves from common hackers and from cyber terrorists. A two-stage stochastic game model is proposed to model cyber terrorism activities as well as common hacking activities. The results of our specific simulation indicate that an optimal investment exists for games such as cyber crimes, and that the potential maximum loss to organizations from cyber terrorism is about fifty times more than from common hackers. This research can also be generalized to other practical fields such as financial fraud prevention. To the best of our knowledge, our approach is a novel approach that combines economic theory, deterrence theory, and IS security to explore the cyber terrorism problem.