Choosing protection: User investments in security measures for cyber risk management

Firewalls, Intrusion Detection Systems (IDS), and cyber-insurance are widely used to protect against cyber-attacks and their consequences. The optimal investment in each of these security measures depends on the likelihood of threats and the severity of the damage they cause, on the user’s ability t...

Bibliographic Details
Main Authors: YAAKOV, Yoav Ben, WANG, Xinrun, MEYER, Joachim, AN, Bo
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2019
Online Access: https://ink.library.smu.edu.sg/sis_research/9150
https://ink.library.smu.edu.sg/context/sis_research/article/10153/viewcontent/GAMESEC19_Human_pv.pdf
Institution: Singapore Management University
Date: 2019-11-01T07:00:00Z
File format: application/pdf
DOI: 10.1007/978-3-030-32430-8_3
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Series: Research Collection School Of Computing and Information Systems
Building: SMU Libraries
Country: Singapore
Content provider: SMU Libraries
Collection: InK@SMU
Subjects: Cyber insurance; Cybersecurity; Decision making; Information Security
Description: Firewalls, Intrusion Detection Systems (IDS), and cyber-insurance are widely used to protect against cyber-attacks and their consequences. The optimal investment in each of these security measures depends on the likelihood of threats and the severity of the damage they cause, on the user’s ability to distinguish between malicious and non-malicious content, and on the properties of the different security measures and their costs. We present a model of the optimal investment in the security measures, given that the effectiveness of each measure depends partly on the performance of the others. We also conducted an online experiment in which participants classified events as malicious or non-malicious, based on the value of an observed variable. They could protect themselves by investing in a firewall, an IDS or insurance. Four experimental conditions differed in the optimal investment in the different measures. Participants tended to invest preferably in the IDS, irrespective of the benefits from this investment. They were able to identify the firewall and insurance conditions in which investments were beneficial, but they did not invest optimally in these measures. The results imply that users’ intuitive decisions to invest resources in risk management measures are likely to be non-optimal. It is important to develop methods to help users in their decisions.