|
Title:
Optimally securing interconnected information systems and assets
Abstract:
Despite information security being a priority issue of many enterprises, the evaluation of investments in information security as well as how to determine firm policies is poorly understood. There are diverging views on whether decision rights for security be placed with the divisions, or with a central group responsible for security. This critically depends on the strategic nature of countermeasures and the type of loss. To explore this issue, we develop an analytical model that takes into account the heterogeneous information systems present in a multi-division enterprise, the various threats it faces to its information systems and assets, the kinds of losses these information assets can be targeted for, as well as the types of countermeasure technology available to protect against different threats. We provide a rigorously derived framework to help firms design optimal mechanisms to deploy both protection and cryptographic countermeasures for availability and confidentiality losses.
|
