Abstract
Information systems security has become a top priority issue for most organizations worldwide IT managers try to protect their systems through a series of technical security measures. Even though these measures can be determined through risk analysis, the appropriate amount that should be invested in Information Systems security is, by and large, determined empirically. Organizations would also wish to insure their information systems against potential security incidents. In this case both parties, namely the organization and the insurance company would be interested in calculating a fair, mutually beneficial premium. In this paper a probabilistic structure, in the form of a Markov model, is used to provide some insight into these issues.
Chapter PDF
6. References
Lambrinoudakis C, Gritzalis S., Hatzopoulos P., Yannacopoulos A.N. and Katsikas, S.K., A formal model for pricing information systems insurance contracts, Computer Standards & Interfaces 27, 521–532 (2005).
Yannacopoulos A.N., Lambrinoudakis C, Gritzalis S., Hatzopoulos P., and Katsikas, S.K., A dynamic stochastic model for optimizing information systems security investment, submitted for publication.
Habennan, S. and Pitacco, E., Actuarial models for disability insurance, Chapman and Hall, 1999.
Gordon, L.A. and Loeb, P., The economics of information security investment, ACM Transactions on Information and Communication Systems Security, 5, 438–457, 2002.
Varian, H.R., Microeconomic analysis, Norton and Co., 1992.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Katsikas, S.K., Yannacopoulos, A.N., Gritzalis, S., Lambrinoudakis, C., Hatzopoulos, P. (2005). How Much Should We Pay for Security? (Invited Paper). In: Dowland, P., Furnell, S., Thuraisingham, B., Wang, X.S. (eds) Security Management, Integrity, and Internal Control in Information Systems. IICIS 2004. IFIP International Federation for Information Processing, vol 193. Springer, Boston, MA. https://doi.org/10.1007/0-387-31167-X_4
Download citation
DOI: https://doi.org/10.1007/0-387-31167-X_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-29826-9
Online ISBN: 978-0-387-31167-8
eBook Packages: Computer ScienceComputer Science (R0)