We propose an extension of the Gordon-Loeb model by considering multi-periods and relaxing the assumption of a continuous security breach probability function. Such adaptations allow capturing dynamic aspects of information security investment such as the advent of a disruptive technology and its consequences. In this paper, the case of big data analytics (BDA) and its disruptive effects on information security investment is theoretically investigated. Our analysis suggests a substantive decrease in such investment due to a technological shift. While we believe this case should be generalizable across the information security milieu, we illustrate our approach in the context of critical infrastructure protection (CIP) in which security cost reduction is of prior importance since potential losses reach unaffordable dimensions. Moreover, despite BDA has been considered as a promising method for CIP, its concrete effects have been discussed little.
CITATION STYLE
Percia David, D., Keupp, M. M., Ghernaouti, S., & Mermoud, A. (2017). Cyber security investment in the context of disruptive technologies: Extension of the gordon-loeb model and application to critical infrastructure protection. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10242 LNCS, pp. 296–301). Springer Verlag. https://doi.org/10.1007/978-3-319-71368-7_25
Mendeley helps you to discover research relevant for your work.