{"title":"在设计加强中小型企业网络安全复原力的政策时进行成本效益模拟的系统动力学方法","authors":"Jihwon Song, Min Jae Park","doi":"10.1177/02666669241252996","DOIUrl":null,"url":null,"abstract":"The small and medium-sized enterprises (SMEs) with limited investment capacity are likely to be lax in enhancing their cybersecurity. Therefore, to strengthen cybersecurity at a national level, governments must intervene in the market by using support or regulatory policies to overcome market failures and address weaknesses. This study reviewed the efficiency of policy options to improve corporate cybersecurity resilience for SMEs that require government support, unlike large companies that can invest in security on their own. To achieve this, a causal loop diagram was created and analyzed from the perspective of system dynamics. The model incorporated government support variables and the decline in capabilities over time into the existing corporate security investment model reflecting the standard framework for cybersecurity from NIST. The simulation scenarios were constructed based on policy options considered by the Korean government. These include 1) pre-incident or post incident support services, and 2) management through tax credits and regulation. The results indicated that incentives, specifically tax credits, rather than regulation, were more effective in strengthening cyber resilience. This study describes the investment and internal capability development of a company affected by government policy, which is an external factor, and changes in profits can be observed by adding the company's profits and costs as variables. This profit variable allows for the comparison of a company's cyber resilience across scenarios. Additionally, if the government provides direct support immediately after a hacking incident, the company can recover more quickly. If these benefits are known and if the reporting of hacking damage is activated, cyber threat visibility will be secured by revealing hacking attacks that have been secretly conducted. Governments can use cyber threat visibility to strengthen national cybersecurity.","PeriodicalId":47137,"journal":{"name":"Information Development","volume":null,"pages":null},"PeriodicalIF":2.0000,"publicationDate":"2024-05-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A system dynamics approach for cost-benefit simulation in designing policies to enhance the cybersecurity resilience of small and medium-sized enterprises\",\"authors\":\"Jihwon Song, Min Jae Park\",\"doi\":\"10.1177/02666669241252996\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The small and medium-sized enterprises (SMEs) with limited investment capacity are likely to be lax in enhancing their cybersecurity. Therefore, to strengthen cybersecurity at a national level, governments must intervene in the market by using support or regulatory policies to overcome market failures and address weaknesses. This study reviewed the efficiency of policy options to improve corporate cybersecurity resilience for SMEs that require government support, unlike large companies that can invest in security on their own. To achieve this, a causal loop diagram was created and analyzed from the perspective of system dynamics. The model incorporated government support variables and the decline in capabilities over time into the existing corporate security investment model reflecting the standard framework for cybersecurity from NIST. The simulation scenarios were constructed based on policy options considered by the Korean government. These include 1) pre-incident or post incident support services, and 2) management through tax credits and regulation. The results indicated that incentives, specifically tax credits, rather than regulation, were more effective in strengthening cyber resilience. This study describes the investment and internal capability development of a company affected by government policy, which is an external factor, and changes in profits can be observed by adding the company's profits and costs as variables. This profit variable allows for the comparison of a company's cyber resilience across scenarios. Additionally, if the government provides direct support immediately after a hacking incident, the company can recover more quickly. If these benefits are known and if the reporting of hacking damage is activated, cyber threat visibility will be secured by revealing hacking attacks that have been secretly conducted. Governments can use cyber threat visibility to strengthen national cybersecurity.\",\"PeriodicalId\":47137,\"journal\":{\"name\":\"Information Development\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2024-05-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Development\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://doi.org/10.1177/02666669241252996\",\"RegionNum\":4,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"INFORMATION SCIENCE & LIBRARY SCIENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Development","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1177/02666669241252996","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
A system dynamics approach for cost-benefit simulation in designing policies to enhance the cybersecurity resilience of small and medium-sized enterprises
The small and medium-sized enterprises (SMEs) with limited investment capacity are likely to be lax in enhancing their cybersecurity. Therefore, to strengthen cybersecurity at a national level, governments must intervene in the market by using support or regulatory policies to overcome market failures and address weaknesses. This study reviewed the efficiency of policy options to improve corporate cybersecurity resilience for SMEs that require government support, unlike large companies that can invest in security on their own. To achieve this, a causal loop diagram was created and analyzed from the perspective of system dynamics. The model incorporated government support variables and the decline in capabilities over time into the existing corporate security investment model reflecting the standard framework for cybersecurity from NIST. The simulation scenarios were constructed based on policy options considered by the Korean government. These include 1) pre-incident or post incident support services, and 2) management through tax credits and regulation. The results indicated that incentives, specifically tax credits, rather than regulation, were more effective in strengthening cyber resilience. This study describes the investment and internal capability development of a company affected by government policy, which is an external factor, and changes in profits can be observed by adding the company's profits and costs as variables. This profit variable allows for the comparison of a company's cyber resilience across scenarios. Additionally, if the government provides direct support immediately after a hacking incident, the company can recover more quickly. If these benefits are known and if the reporting of hacking damage is activated, cyber threat visibility will be secured by revealing hacking attacks that have been secretly conducted. Governments can use cyber threat visibility to strengthen national cybersecurity.
期刊介绍:
Information Development is a peer-reviewed journal that aims to provide authoritative coverage of current developments in the provision, management and use of information throughout the world, with particular emphasis on the information needs and problems of developing countries. It deals with both the development of information systems, services and skills, and the role of information in personal and national development.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
