
Managing the security of information systems with partially observable vulnerability

Radha Mookerjee and Jayarajan Samuel

Production and Operations Management, 2023, vol. 32, issue 9, 2902-2920

Abstract: We consider the security maintenance of information systems where the extent of vulnerability is partially observable. However, the exact extent of the vulnerability can be observed by paying an inspection fee. In each period, the decision‐maker needs to take one of three decisions: (i) do nothing, (ii) inspect and implement (fix the vulnerability) if needed, and (iii) directly implement. We prove that the optimal policy follows a threshold structure. For each value of k (the known vulnerability), there are two thresholds for the partial information: the lower of the two thresholds dictates whether for this value of k, inspection is optimal before a possible implementation or whether direct implementation (i.e., without inspection) is optimal. If inspection is done, another threshold determines whether an implementation is done or not. If neither threshold applies, it is optimal to do nothing. We develop a numerical procedure to find the decision variables in the maintenance policy. We extend the main model to include variable implementation and inspection costs. The optimality of the threshold policy is shown to hold under more general settings. We apply the model to a real‐world problem and demonstrate its applicability and value in managing security systems. Here, we study the security maintenance policies for three different real‐world telecommunications operators and find that these operators can significantly reduce the cost of managing their security by adopting our proposed policy. Another finding is that inspection is more beneficial for medium‐sized to large‐sized operators.

Date: 2023

Downloads: (external link)
https://doi.org/10.1111/poms.14015

Persistent link: https://EconPapers.repec.org/RePEc:bla:popmgt:v:32:y:2023:i:9:p:2902-2920

Ordering information: This journal article can be ordered from
http://onlinelibrary ... 1111/(ISSN)1937-5956

Production and Operations Management is currently edited by Kalyan Singhal

More articles in Production and Operations Management from Production and Operations Management Society
Bibliographic data for series maintained by Wiley Content Delivery.

 
Page updated 2025-03-19
Handle: RePEc:bla:popmgt:v:32:y:2023:i:9:p:2902-2920