
Decision support model for cybersecurity risk planning: A two-stage stochastic programming framework featuring firms, government, and attacker

Jomon A. Paul and Minjiao Zhang

European Journal of Operational Research, 2021, vol. 291, issue 1, 349-364

Abstract: We study the decision-making problem in cybersecurity risk planning concerning resource allocation strategies by government and firms. Aiming to minimize the social costs incurred due to cyberattacks, we consider not only the monetary investment costs but also the deprivation costs due to detection and containment delays. We also consider the effect of positive externalities of the overall cybersecurity investment on an individual firm’s resource allocation attitude. The optimal decision guides the firms on the countermeasure portfolio mix (detection vs. prevention vs. containment) and government intelligence investments while accounting for actions of a strategic attacker and firm budgetary limitations. We accomplish this via a two-stage stochastic programming model. In the first stage, firms decide on prevention and detection investments aided by government intelligence investments that improve detection effectiveness. In the second stage, once the attacker’s actions are realized, firms decide on containment investments after evaluating the cyberattacks. We demonstrate the applicability of our model via a case study. We find that externality can reduce the government’s intelligence investment and that the firm’s detection investment receives priority over containment. We also note that while prevention effectiveness has a decreasing impact on intelligence, it is beneficial to spend more on intelligence given its increasing returns to the reduction of social costs related to cybersecurity.

Keywords: Decision analysis; Cybersecurity; Stochastic programming; Intelligence investment; Social cost; Safeguards; Externality
Date: 2021
Citations: View citations in EconPapers (6)

Downloads: (external link)
http://www.sciencedirect.com/science/article/pii/S0377221720307992
Full text for ScienceDirect subscribers only


Persistent link: https://EconPapers.repec.org/RePEc:eee:ejores:v:291:y:2021:i:1:p:349-364

DOI: 10.1016/j.ejor.2020.09.013


European Journal of Operational Research is currently edited by Roman Slowinski, Jesus Artalejo, Jean-Charles Billaut, Robert Dyson and Lorenzo Peccati

More articles in European Journal of Operational Research from Elsevier
Bibliographic data for series maintained by Catherine Liu.

 
Page updated 2025-03-19
Handle: RePEc:eee:ejores:v:291:y:2021:i:1:p:349-364