Cyber Security Investment in the Context of Disruptive Technologies: Extension of the Gordon-Loeb Model and Application to Critical Infrastructure Protection

  • Dimitri Percia David (Email author)
  • Marcus Matthias Keupp
  • Solange Ghernaouti
  • Alain Mermoud
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10242)

Abstract

We propose an extension of the Gordon-Loeb model by considering multi-periods and relaxing the assumption of a continuous security breach probability function. Such adaptations allow capturing dynamic aspects of information security investment such as the advent of a disruptive technology and its consequences. In this paper, the case of big data analytics (BDA) and its disruptive effects on information security investment is theoretically investigated. Our analysis suggests a substantive decrease in such investment due to a technological shift. While we believe this case should be generalizable across the information security milieu, we illustrate our approach in the context of critical infrastructure protection (CIP), in which security cost reduction is of prior importance since potential losses reach unaffordable dimensions. Moreover, although BDA has been considered a promising method for CIP, its concrete effects have been discussed little.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Dimitri Percia David (1, 2), Email author
  • Marcus Matthias Keupp (1, 3)
  • Solange Ghernaouti (2)
  • Alain Mermoud (1, 2)

  1. Swiss Cybersecurity Advisory and Research Group (SCARG), University of Lausanne, Lausanne, Switzerland
  2. Department of Defense Management, Military Academy at ETH Zurich, Birmensdorf, Switzerland
  3. Institute of Technology Management, University of St. Gallen, Gallen, Switzerland