Dynamics of organizational information security

Amitava Dutta and Rahul Roy

System Dynamics Review, 2008, vol. 24, issue 3, 349-375

Abstract: While technology is important, organizational and human factors also play a crucial role in achieving information security. In this paper we develop a system dynamics model of the interplay between technical and behavioral security factors, along with their impact on business value of an organization's IT infrastructure. The model captures delays associated with perception of security risk, the mechanics of user compliance and the mechanics of risk mitigation achieved by investments in security technology and user training. These structural model components interact to mediate the impact of security incidents on the business value generated by information technology enabled transactions. The model reveals the dynamics of erosion in and recovery of business value resulting from security incidents. Experiments with the model suggest that information security drills, analogous to fire drills, may be useful in maintaining user compliance, in addition to usual training and awareness activities. Among the management policy parameters examined, we find that improvement in realized business value is statistically significant for the minimum security risk the firm is willing to accept, and the proportion of security‐related investment spent on security technology versus security training and awareness. We also discuss how our model can be extended to help justify an organization's investments in information security, an objective that has been notoriously difficult to achieve in practice. Copyright © 2008 John Wiley & Sons, Ltd.

Date: 2008

Downloads: (external link)
https://doi.org/10.1002/sdr.405

Persistent link: https://EconPapers.repec.org/RePEc:bla:sysdyn:v:24:y:2008:i:3:p:349-375

Page updated 2025-03-19
Handle: RePEc:bla:sysdyn:v:24:y:2008:i:3:p:349-375