A System Dynamics Model for Information Security Management
Information & Management, 52 (1), pp. 123-134, January 2015
Derek L. Nazareth and Jae J. Choi
Managing security for information assets is a critically important and challenging task. As organizations provide clients with ubiquitous access to information systems, and the frequency and sophistication of security threats grow, the need to provide security assumes greater importance. Effective information security management requires that security resources be deployed on multiple fronts, including attack prevention, vulnerability reduction, and threat deterrence. Using a system dynamics model, this research evaluates alternative security management strategies through an investment and security cost lens, to provide managers with guidance for security decisions. Results suggest that investment in security detection tools has a higher payoff than deterrence investment.