How Much Should We Pay for Security? (Invited Paper)

  • Sokratis K. Katsikas
  • Athanasios N. Yannacopoulos
  • Stefanos Gritzalis
  • Costas Lambrinoudakis
  • Peter Hatzopoulos
Conference paper
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 193)

Abstract

Information systems security has become a top priority issue for most organizations worldwide. IT managers try to protect their systems through a series of technical security measures. Even though these measures can be determined through risk analysis, the appropriate amount that should be invested in information systems security is, by and large, determined empirically. Organizations would also wish to insure their information systems against potential security incidents. In this case both parties, namely the organization and the insurance company, would be interested in calculating a fair, mutually beneficial premium. In this paper a probabilistic structure, in the form of a Markov model, is used to provide some insight into these issues.

Key words

  • Information systems security
  • Security investment
  • Security insurance

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Sokratis K. Katsikas (1)
  • Athanasios N. Yannacopoulos (2)
  • Stefanos Gritzalis (1)
  • Costas Lambrinoudakis (1)
  • Peter Hatzopoulos (2)

  1. Dept. of Information and Communication Systems Engineering, University of the Aegean, Karlovassi, Samos, Greece
  2. Dept. of Statistics and Actuarial — Financial Mathematics, University of the Aegean, Karlovassi, Samos, Greece
