EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

The Value of Intrusion Detection Systems in Information Technology Security Architecture

Huseyin Cavusoglu (), Birendra Mishra () and Srinivasan Raghunathan ()
Additional contact information
Huseyin Cavusoglu: A. B. Freeman School of Business, Tulane University, 7 McAlister Drive, Goldring/Woldenberg Hall, New Orleans, Louisiana 70118
Birendra Mishra: School of Management, University of Texas at Dallas, Richardson, Texas 75083, and Anderson Graduate School of Management, University of California, Riverside, Riverside, California 92521
Srinivasan Raghunathan: School of Management, University of Texas at Dallas, Richardson, Texas 75083

Information Systems Research, 2005, vol. 16, issue 1, 28-46

Abstract: The increasing significance of information technology (IT) security to firms is evident from their growing IT security budgets. Firms rely on security technologies such as firewalls and intrusion detection systems (IDSs) to manage IT security risks. Although the literature on the technical aspects of IT security is proliferating, a debate exists in the IT security community about the value of these technologies. In this paper, we seek to assess the value of IDSs in a firm’s IT security architecture. We find that the IDS configuration, represented by detection (true positive) and false alarm (false positive) rates, determines whether a firm realizes a positive or negative value from the IDS. Specifically, we show that a firm realizes a positive value from an IDS only when the detection rate is higher than a critical value, which is determined by the hacker’s benefit and cost parameters. When the firm realizes a positive (negative) value, the IDS deters (sustains) hackers. However, irrespective of whether the firm realizes a positive or negative value from the IDS, the IDS enables the firm to better target its investigation of users, while keeping the detection rate the same. Our results suggest that the positive value of an IDS results not from improved detection per se, but from an increased deterrence enabled by improved detection. Finally, we show that the firm realizes a strictly nonnegative value if the firm configures the IDS optimally based on the hacking environment.

Keywords: economics of IT security; intrusion detection systems (IDSs); ROC curves; security configuration; IT security management (search for similar items in EconPapers)
Date: 2005
References: View references in EconPapers View complete reference list from CitEc
Citations: View citations in EconPapers (37)

Downloads: (external link)
http://dx.doi.org/10.1287/isre.1050.0041 (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:inm:orisre:v:16:y:2005:i:1:p:28-46

Access Statistics for this article

More articles in Information Systems Research from INFORMS Contact information at EDIRC.
Bibliographic data for series maintained by Chris Asher ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:inm:orisre:v:16:y:2005:i:1:p:28-46