Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker

Published Online: https://doi.org/10.1287/deca.2021.0442
