Decision Making in Information Security Investments: Impact of System Vulnerability and Investment Timing on Resource-Sharing Platforms

Published Online: https://doi.org/10.1287/deca.2024.0190

References

  • Bandyopadhyay T, Jacob V, Raghunathan S (2010) Information security in networked supply chains: Impact of network vulnerability and supply chain integration on incentives to invest. Inform. Tech. Management 11(1):7–23.
  • Barua A, Kriebel CH, Mukhopadhyay T (1991) An economic analysis of strategic information technology investments. Management Inform. Systems Quart. 15(3):313–331.
  • Cavusoglu H, Cavusoglu H, Zhang J (2008a) Security patch management: Share the burden or share the damage? Management Sci. 54(4):657–670.
  • Cavusoglu H, Raghunathan S, Cavusoglu H (2009) Configuration of and interaction between information security technologies: The case of firewalls and intrusion detection systems. Inform. Systems Res. 20(2):198–217.
  • Cavusoglu H, Raghunathan S, Yue WT (2008b) Decision-theoretic and game-theoretic approaches to IT security investment. J. Management Inform. Systems 25(2):281–304.
  • Cezar A, Cavusoglu H, Raghunathan S (2017) Sourcing information security operations: The role of risk interdependency and competitive externality in outsourcing decisions. Production Oper. Management 26(5):860–879.
  • Cheung KF, Bell MGH (2021) Attacker-defender model against quantal response adversaries for cyber security in logistics management: An introductory study. Eur. J. Oper. Res. 291(2):471–481.
  • Demirhan D, Jacob VS, Raghunathan S (2007) Strategic IT investments: The impact of switching cost and declining IT cost. Management Sci. 53(2):208–226.
  • EY Global Information Security Survey (2020) How does security evolve from bolted-on to built-in? Retrieved January 15, 2024, https://assets.ey.com/content/dam/ey-sites/ey-com/en_gl/topics/advisory/ey-global-information-security-survey-2020-single-pages.pdf.
  • Gao X, Zhong WJ, Mei S (2013) Information security investment when hackers disseminate knowledge. Decision Anal. 10(4):352–368.
  • Gao X, Zhong WJ, Mei S (2014) A game-theoretic analysis of information sharing and security investment for complementary firms. J. Oper. Res. Soc. 65(11):1682–1691.
  • Guan PQ, He ML, Zhuang J, Hora SC (2017) Modeling a multitarget attacker–defender game with budget constraints. Decision Anal. 14(2):87–107.
  • Gupta R, Biswas B, Biswas I, Sana SS (2020) Firm investment decisions for information security under a fuzzy environment: A game-theoretic approach. Inform. Comput. Security 29(1):73–104.
  • Hausken K, Zhuang J (2016) The strategic interaction between a company and the government surrounding disasters. Ann. Oper. Res. 237(1):27–40.
  • Hui KL, Hui W, Yue WT (2012) Information security outsourcing with system interdependency and mandatory security requirement. J. Management Inform. Systems 29(3):117–156.
  • Krebs B (2014) Email attack on vendor set up breach at target. Retrieved January 15, 2024, https://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/.
  • Kunreuther H, Heal G (2003) Interdependent security. J. Risk Uncertainty 26(2–3):231–249.
  • Lee CH, Geng XJ, Raghunathan S (2013) Contracting information security in the presence of double moral hazard. Inform. Systems Res. 24(2):295–311.
  • Luo SY, Choi TM (2022) E-commerce supply chains with considerations of cyber‐security: Should governments play a role? Production Oper. Management 31(5):2107–2126.
  • Pala A, Zhuang J (2019) Information sharing in cybersecurity: A review. Decision Anal. 16(3):172–196.
  • Ponemon (2022) Data risk in the third-party ecosystem study. Retrieved January 15, 2024, hubspotusercontent-na1.net.
  • Qian XF, Liu XB, Pei J, Pardalos PM (2018) A new game of information sharing and security investment between two allied firms. Internat. J. Production Res. 56(12):4069–4086.
  • Qian XF, Liu XB, Pei J, Pardalos PM, Liu L (2017) A game-theoretic analysis of information security investment for multiple firms in a network. J. Oper. Res. Soc. 68(10):1290–1305.
  • Shan X, Zhuang J (2013) Hybrid defensive resource allocations in the face of partially strategic attackers in a sequential defender–attacker game. Eur. J. Oper. Res. 228(1):262–272.
  • Shan X, Zhuang J (2014) Subsidizing to disrupt a terrorism supply chain—A four-player game. J. Oper. Res. Soc. 65(7):1108–1119.
  • Simon J, Omar A (2020) Cybersecurity investments in the supply chain: Coordination and a strategic attacker. Eur. J. Oper. Res. 282(1):161–171.
  • Verizon (2024) 2024 data breach investigations report. Report, Business Resources and Industry Insights, Verizon Business. https://www.verizon.com/business/resources/Tf7/reports/2024-dbir-data-breach-investigations-report.pdf.
  • Vijayan J (2008) Changes to PCI standard not expected to up ante on protecting payment card data. Time (August 20), https://www.computerworld.com/article/1574360/changes-to-pci-standard-not-expected-to-up-ante-on-protecting-payment-card.html.
  • Wu Y, Feng GZ, Wang NM, Liang HG (2015) Game of information security investment: Impact of attack types and network vulnerability. Expert Systems Appl. 42(15–16):6132–6146.
  • Wu Y, Xiao HC, Dai T, Cheng D (2021) A game-theoretical model of firm security reactions responding to a strategic hacker in a competitive industry. J. Oper. Res. Soc. 73(4):716–740.
  • Wu Y, Xu M, Cheng D, Dai T (2022) Information security strategies for information-sharing firms considering a strategic hacker. Decision Anal. 19(2):99–122.
  • Xu L, Li Y, Lin Y, Tang C, Yao Q (2024) Supply chain cybersecurity investments with interdependent risks under different information exchange modes. Internat. J. Production Res. 62(6):2034–2059.
  • Yang D, Xiao T (2017) Coordination of a supply chain with loss-averse consumers in service quality. Internat. J. Production Res. 55(12):3411–3430.
  • Zhang F (2006) Competition, cooperation, and information sharing in a two-echelon assembly system. Manufacturing Service Oper. Management 8(3):273–291.
  • Zhang J, Wang Y, Zhuang J (2021) Modeling multi-target defender-attacker games with quantal response attack strategies. Reliability Engrg. Systems Safety 205:107165.
  • Zhao X, Xue L, Whinston AB (2013) Managing interdependent information security risks: Cyberinsurance, managed security services, and risk pooling arrangements. J. Management Inform. Systems 30(1):123–152.
  • Zhu W, He Y (2017) Green product design in supply chains under competition. Eur. J. Oper. Res. 258(1):165–180.