Professional Documents
Culture Documents
IT Security Investments
ssessing the return on investment that computer viruses and hacking took a $1.6
() (1- )
when an intrusion occurs. q2I is the probability that
2 3 internal (1- ) there is no signal when there is no intrusion.
pass The firm incurs a cost of c each time it monitors
(q F2)
the audit trail of a user for a possible intrusion. Man-
drop drop
ual monitoring done by the firm may not detect
(q1F ) (1-q 2F )
4 intrusions with certainty. This imperfection of moni-
toring is captured by an effectiveness parameter α, the
pass
(1-q 1F ) dishonest
()
honest probability with which monitoring detects a true
(1-)
intrusion. If manual monitoring detects the intru-
hack
5
no hack sion, the firm recovers a fraction φ of the damage
() (1-)
caused by the intruder without any additional cost. If
an intrusion is detected, the hacker incurs a penalty.
IDS
6 no signal 5
The penalty is composed of two components: A fixed
penalty β and a variable penalty proportional to the
(1-q 11) signal
(1-q 21)
expected amount of damage, γd. Hence, larger dam-
signal no signal
(q11) (q12)
age results in a larger penalty.
MONITORING
8 9 10 11
11 12
n order to evaluate investment in security, the
monitor
monitor
monitor
no monitor
no monitor
no monitor