This paper considers the implications of network effects and distinction of security measures in the risk management procedure. We compare three models in the risk management procedure: without network effects and general protection measures, without network effects but with general protection, and with both network effects and general protection measures. The paper details the impact in terms of security risks, investment levels, and benefits of security investment, in the three models. We show that the preferable way to conduct risk management procedure is to follow the latter of the three models.
CITATION STYLE
Yue, W. T., Cakanyildirim, M., Ryu, Y. U., & Liu, D. (2004). IT security risk management under network effects and layered protection strategy. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3073, 331–348. https://doi.org/10.1007/978-3-540-25952-7_25
Mendeley helps you to discover research relevant for your work.