Modeling the effect of spending on cyber security by using surplus process
In this paper, we assume the security level of a system is a quantifiable metric and apply the insurance company ruin theory in assessing the defense failure frequencies. The current security level of an information system can be viewed as the initial insurer surplus; defense investment can be viewe...
| Main Authors: | , , |
|---|---|
| Other Authors: | |
| Format: | Journal Article |
| Language: | English |
| Published: |
2020
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/145254 |
| _version_ | 1826118995829325824 |
|---|---|
| author | Nie, Ciyu Li, Jingchao Wang, Shaun |
| author2 | Nanyang Business School |
| author_facet | Nanyang Business School Nie, Ciyu Li, Jingchao Wang, Shaun |
| author_sort | Nie, Ciyu |
| collection | NTU |
| description | In this paper, we assume the security level of a system is a quantifiable metric and apply the insurance company ruin theory in assessing the defense failure frequencies. The current security level of an information system can be viewed as the initial insurer surplus; defense investment can be viewed as premium income resulting in an increase in the security level; cyberattack arrivals follow a Poisson process, and the impact of attacks is modeled as losses on the security level. The occurrence of cyber breach is modeled as a ruin event. We use this framework to determine optimal investment in cyber security that minimizes the total cyber costs. We show by numerical examples that there is an optimal allocation of total cyber security budget to (1) IT security maintenance/upkeep spending versus (2) external cyber risk transfer. |
| first_indexed | 2024-10-01T04:52:47Z |
| format | Journal Article |
| id | ntu-10356/145254 |
| institution | Nanyang Technological University |
| language | English |
| last_indexed | 2024-10-01T04:52:47Z |
| publishDate | 2020 |
| record_format | dspace |
| spelling | ntu-10356/1452542023-05-19T07:31:18Z Modeling the effect of spending on cyber security by using surplus process Nie, Ciyu Li, Jingchao Wang, Shaun Nanyang Business School Engineering::Mathematics and analysis Budget Control Insurance In this paper, we assume the security level of a system is a quantifiable metric and apply the insurance company ruin theory in assessing the defense failure frequencies. The current security level of an information system can be viewed as the initial insurer surplus; defense investment can be viewed as premium income resulting in an increase in the security level; cyberattack arrivals follow a Poisson process, and the impact of attacks is modeled as losses on the security level. The occurrence of cyber breach is modeled as a ruin event. We use this framework to determine optimal investment in cyber security that minimizes the total cyber costs. We show by numerical examples that there is an optimal allocation of total cyber security budget to (1) IT security maintenance/upkeep spending versus (2) external cyber risk transfer. Published version 2020-12-16T02:06:23Z 2020-12-16T02:06:23Z 2020 Journal Article Nie, C., Li, J., & Wang, S. (2020). Modeling the effect of spending on cyber security by using surplus process. Mathematical Problems in Engineering, 2020, 3239591-. doi:10.1155/2020/3239591 1024-123X https://hdl.handle.net/10356/145254 10.1155/2020/3239591 2020 en Mathematical Problems in Engineering © 2020 Ciyu Nie et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. application/pdf |
| spellingShingle | Engineering::Mathematics and analysis Budget Control Insurance Nie, Ciyu Li, Jingchao Wang, Shaun Modeling the effect of spending on cyber security by using surplus process |
| title | Modeling the effect of spending on cyber security by using surplus process |
| title_full | Modeling the effect of spending on cyber security by using surplus process |
| title_fullStr | Modeling the effect of spending on cyber security by using surplus process |
| title_full_unstemmed | Modeling the effect of spending on cyber security by using surplus process |
| title_short | Modeling the effect of spending on cyber security by using surplus process |
| title_sort | modeling the effect of spending on cyber security by using surplus process |
| topic | Engineering::Mathematics and analysis Budget Control Insurance |
| url | https://hdl.handle.net/10356/145254 |
| work_keys_str_mv | AT nieciyu modelingtheeffectofspendingoncybersecuritybyusingsurplusprocess AT lijingchao modelingtheeffectofspendingoncybersecuritybyusingsurplusprocess AT wangshaun modelingtheeffectofspendingoncybersecuritybyusingsurplusprocess |