Empirical-Analysis Methodology for Information-Security Investment and Its Application to Reliable Survey of Japanese Firms

Ipsj Digital Courier Pub Date : 2007-09-15 DOI:10.2197/IPSJDC.3.585

Wei Liu, Hideyuki Tanaka, Kanta Matsuura

{"title":"Empirical-Analysis Methodology for Information-Security Investment and Its Application to Reliable Survey of Japanese Firms","authors":"Wei Liu, Hideyuki Tanaka, Kanta Matsuura","doi":"10.2197/IPSJDC.3.585","DOIUrl":null,"url":null,"abstract":"This paper presents a series of empirical analyses of information-security investment based on a reliable survey of Japanese enterprises. To begin with, after showing our methodology for representing the vulnerability level regarding the threat of computer viruses, we verify the re- lation between vulnerability level and the eﬀects of information security investment. Although in the ﬁrst section there is only a weak empirical support of the investment model, one can understand that the representing methodology is worth attempting in empirical analyses in this research ﬁeld. In the second section, we verify the relations between the probability of computer virus incidents and adopting a set of information security countermeasures. It is shown that “Defense Measure” associated with “Information Security Policy” and “Human Cultivation” has remarkable eﬀects on virus incidents. At the last step, we analyze the eﬀect of continuous investment in the three security countermeasures. The empirical results suggest that virus incidents were signiﬁcantly reduced in those enterprises which adopted the three countermeasures both in 2002 and in 2003.","PeriodicalId":432390,"journal":{"name":"Ipsj Digital Courier","volume":"138 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-09-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"38","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Ipsj Digital Courier","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2197/IPSJDC.3.585","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 38

Abstract

This paper presents a series of empirical analyses of information-security investment based on a reliable survey of Japanese enterprises. To begin with, after showing our methodology for representing the vulnerability level regarding the threat of computer viruses, we verify the re- lation between vulnerability level and the eﬀects of information security investment. Although in the ﬁrst section there is only a weak empirical support of the investment model, one can understand that the representing methodology is worth attempting in empirical analyses in this research ﬁeld. In the second section, we verify the relations between the probability of computer virus incidents and adopting a set of information security countermeasures. It is shown that “Defense Measure” associated with “Information Security Policy” and “Human Cultivation” has remarkable eﬀects on virus incidents. At the last step, we analyze the eﬀect of continuous investment in the three security countermeasures. The empirical results suggest that virus incidents were signiﬁcantly reduced in those enterprises which adopted the three countermeasures both in 2002 and in 2003.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

信息安全投资的实证分析方法及其在日本企业可靠性调查中的应用

本文在对日本企业进行可靠调查的基础上，对信息安全投资进行了一系列实证分析。首先，在展示了我们关于计算机病毒威胁的脆弱性级别的表示方法之后，我们验证了脆弱性级别与信息安全投资效果之间的关系。虽然在第一部分中，投资模型的实证支持很薄弱，但我们可以理解，在这个研究领域的实证分析中，表征方法是值得尝试的。在第二部分中，我们验证了计算机病毒事件发生概率与采取一套信息安全对策之间的关系。结果表明，“防御措施”与“信息安全政策”和“人的修养”相结合对病毒事件的影响显著。最后一步，分析了三种安全对策中持续投资的效果。实证结果表明，在2002年和2003年采取三种对策的企业中，病毒事件显著减少。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Ipsj Digital Courier

自引率

0.00%

发文量