Show simple item record

| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.advisor | Whinston, Andrew B. | en |
| dc.creator | Zhao, Xia, 1977- | en |
| dc.date.accessioned | 2008-08-28T23:44:08Z | en |
| dc.date.available | 2008-08-28T23:44:08Z | en |
| dc.date.issued | 2007 | en |
| dc.identifier.uri | http://hdl.handle.net/2152/3377 | en |
| dc.description.abstract | This dissertation consists of three essays that explore economic issues on information security and risk management. In the first essay, we develop an economic mechanism which coordinates security strategies of Service Providers (SPs). SPs are best positioned to safeguard the Internet. However, they generally do not have incentives to take such a responsibility in the distributed computing environment. The proposed certification mechanism induces SPs to voluntarily accept the liability of Internet security. SPs who take the liability signal their capability in conducting secure computing and benefit from such recognition. We use a game-theoretic model to examine SPs' incentives and the social welfare. Our results show that the certification mechanism can generate a more secure Internet communication environment. The second essay studies the impact of cyberinsurance and alternative risk management solutions on firms' information security strategies. In the existing literature, cyberinsurance has been proposed as a solution to transfer information risks and reduce security spending. However, we show that cyberinsurance by itself is deficient in addressing the overinvestment issue. We find that the joint use of cyberinsurance and risk pooling arrangement optimizes firms' security investment. In the case with a large number of firms, we show that firms will invest at the socially optimal level. The third essay examines the information role of vendors' patching strategies. Patching after software release has become an important stage in the software development cycle. In the presence of quality uncertainty, we show that vendors can leverage the patch release times to signal the quality of their software products. We define a new belief profile and identify two types of separating equilibria in a dynamic setting. | en |
| dc.format.medium | electronic | en |
| dc.language.iso | eng | en |
| dc.rights | Copyright © is held by the author. Presentation of this material on the Libraries' web site by University Libraries, The University of Texas at Austin was made possible under a limited license grant from the author who has retained all copyrights in the works. | en |
| dc.subject.lcsh | Computer security | en |
| dc.subject.lcsh | Risk management | en |
| dc.subject.lcsh | Incentives in industry--Econometric models | en |
| dc.title | Economic analysis on information security and risk management | en |
| dc.description.department | Information, Risk, and Operations Management | en |
| dc.identifier.oclc | 175278932 | en |
| dc.type.genre | Thesis | en |
| thesis.degree.department | Information, Risk, and Operations Management | en |
| thesis.degree.discipline | Management Science and Information Systems | en |
| thesis.degree.grantor | The University of Texas at Austin | en |
| thesis.degree.level | Doctoral | en |
| thesis.degree.name | Doctor of Philosophy | en |

