Economic analysis on information security and risk management



dc.contributor.advisor Whinston, Andrew B.
dc.creator Zhao, Xia, 1977- 2008-08-28T23:44:08Z 2008-08-28T23:44:08Z 2007 2008-08-28T23:44:08Z
dc.description.abstract This dissertation consists of three essays that explore economic issues on information security and risk management. In the first essay, we develop an economic mechanism which coordinates security strategies of Service Providers (SPs). SPs are best positioned to safeguard the Internet. However, they generally do not have incentives to take such a responsibility in the distributed computing environment. The proposed certification mechanism induces SPs to voluntarily accept the liability of Internet security. SPs who take the liability signal their capability in conducting secure computing and benefit from such recognition. We use a game-theoretic model to examine SPs' incentives and the social welfare. Our results show that the certification mechanism can generate a more secure Internet communication environment. The second essay studies the impact of cyberinsurance and alternative risk management solutions on firms' information security strategies. In the existing literature, cyberinsurance has been proposed as a solution to transfer information risks and reduce security spending. However, we show that cyberinsurance by itself is deficient in addressing the overinvestment issue. We find that the joint use of cyberinsurance and a risk pooling arrangement optimizes firms' security investment. In the case with a large number of firms, we show that firms will invest at the socially optimal level. The third essay examines the information role of vendors' patching strategies. Patching after software release has become an important stage in the software development cycle. In the presence of quality uncertainty, we show that vendors can leverage the patch release times to signal the quality of their software products. We define a new belief profile and identify two types of separating equilibria in a dynamic setting.
dc.format.medium electronic
dc.language.iso eng
dc.rights Copyright © is held by the author. Presentation of this material on the Libraries' web site by University Libraries, The University of Texas at Austin was made possible under a limited license grant from the author who has retained all copyrights in the works.
dc.subject.lcsh Computer security
dc.subject.lcsh Risk management
dc.subject.lcsh Incentives in industry--Econometric models
dc.title Economic analysis on information security and risk management
dc.description.department Information, Risk, and Operations Management
dc.identifier.oclc 175278932
dc.identifier.recnum b68912134
dc.type.genre Thesis
dc.type.material text Information, Risk, and Operations Management Management Science and Information Systems The University of Texas at Austin Doctoral Doctor of Philosophy

Files in this work

Download File: zhaox29888.pdf
Size: 718.7Kb
Format: application/pdf
