
| Field | Value | Language |
| --- | --- | --- |
| dc.creator | Zhao, Xia, 1977- | en_US |
| dc.date.accessioned | 2008-08-28T23:44:08Z | |
| dc.date.available | 2008-08-28T23:44:08Z | |
| dc.date.created | 2007 | en_US |
| dc.date.issued | 2008-08-28T23:44:08Z | |
| dc.identifier.uri | http://hdl.handle.net/2152/3377 | |
| dc.description.abstract | This dissertation consists of three essays that explore economic issues on information security and risk management. In the first essay, we develop an economic mechanism which coordinates security strategies of Service Providers (SPs). SPs are best positioned to safeguard the Internet. However, they generally do not have incentives to take such a responsibility in the distributed computing environment. The proposed certification mechanism induces SPs to voluntarily accept the liability of Internet security. SPs who take the liability signal their capability in conducting secure computing and benefit from such recognition. We use a game-theoretic model to examine SPs' incentives and the social welfare. Our results show that the certification mechanism can generate a more secure Internet communication environment. The second essay studies the impact of cyberinsurance and alternative risk management solutions on firms' information security strategies. In the existing literature, cyberinsurance has been proposed as a solution to transfer information risks and reduce security spending. However, we show that cyberinsurance by itself is deficient in addressing the overinvestment issue. We find that the joint use of cyberinsurance and risk pooling arrangement optimizes firms' security investment. In the case with a large number of firms, we show that firms will invest at the socially optimal level. The third essay examines the information role of vendors' patching strategies. Patching after software release has become an important stage in the software development cycle. In the presence of quality uncertainty, we show that vendors can leverage the patch release times to signal the quality of their software products. We define a new belief profile and identify two types of separating equilibria in a dynamic setting. | en_US |
| dc.format.medium | electronic | en_US |
| dc.language.iso | eng | en_US |
| dc.rights | Copyright © is held by the author. Presentation of this material on the Libraries' web site by University Libraries, The University of Texas at Austin was made possible under a limited license grant from the author who has retained all copyrights in the works. | en_US |
| dc.subject.lcsh | Computer security | en_US |
| dc.subject.lcsh | Risk management | en_US |
| dc.subject.lcsh | Incentives in industry--Econometric models | en_US |
| dc.title | Economic analysis on information security and risk management | en_US |
| dc.description.department | Information, Risk, and Operations Management | en_US |
| dc.identifier.oclc | 175278932 | en_US |
| dc.type.genre | Thesis | en_US |
| thesis.degree.department | Information, Risk, and Operations Management | en_US |
| thesis.degree.discipline | Management Science and Information Systems | en_US |
| thesis.degree.grantor | The University of Texas at Austin | en_US |
| thesis.degree.level | Doctoral | en_US |
| thesis.degree.name | Doctor of Philosophy | en_US |

