Using theories from economics & finance to address information security risks.

The continued growth in the use of information technology has exposed businesses to the risk of loss of data, services and business operations due to attacks on their information systems. However, information security is not only a technical issue but an economic issue as well. Though there has been some research on the economic aspect of information security, research in the domain is sparse, and this motivates us to explore the application of theories and concepts from economics and finance to understand the economic dimension of information security. The research follows the Design Science Research approach. The ongoing research started with the evaluation of information security investment models proposed in the literature, and the aim is to design and develop a prediction market for informed information security investment and risk management decisions. We hypothesize that: (i) a well-designed prediction market can be used for risk estimation and estimation of loss impact in the information security domain, which will help decision makers in adopting an appropriate risk mitigation strategy; (ii) prediction markets can further be useful in hedging information security risks by allowing trading of financial instruments linked to the risk of information security events. We explore the key design issues relevant to a market for information security related financial instruments, which can be traded to facilitate the mitigation of a substantial proportion (if not all) of the information security risk.
