Journal
ELECTRONIC COMMERCE RESEARCH AND APPLICATIONS
Volume 35, Issue -, Pages -Publisher
ELSEVIER
DOI: 10.1016/j.elerap.2019.100843
Keywords
Managed security service; Security investment; Business value; System dynamics
Categories
Funding
- National Natural Science Foundation of China [71871155, 71631003]
Ask authors/readers for more resources
Managed security service providers (MSSPs) have long provided clients with cost-effective methods and professional solutions for addressing issues related to information security. MSSPs provide three categories of security services, namely, prevention, detection, and response, to satisfy their clients' security requirements and realize business value. This study develops a system dynamics model of the correlation between the security investment strategies of an MSSP and the effect of its business value. Simulations under opportunistic and targeted attacks are performed to discuss the effects of the various security investment strategies of an MSSP on its business value. The study results indicate that investing in prevention has a stronger effect on the business value of an MSSP than investing in detection and response and that security investments on opportunistic attacks are more efficient than those on targeted attacks. Sensitivity analysis shows the robustness of the system dynamics model proposed in this study.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available