Cybersecurity Investment Guidance: Extensions of the Gordon and Loeb Model

Date

2016-03-16

Department

Program

Citation of Original Publication

Farrow, Scott; Szanton, Jules; Cybersecurity Investment Guidance: Extensions of the Gordon and Loeb Model; Journal of Information Security, Vol.7, No.2,pp 15-28, 16 March, 2016; http://dx.doi.org/10.4236/jis.2016.72002

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Attribution 4.0 International (CC BY 4.0)

Subjects

Abstract

Extensions of the Gordon-Loeb [1] and the Gordon-Loeb-Lucyshyn-Zhou [2] models are presented based on mathematical equivalency with a generalized homeland security model. The extensions include limitations on changes in the probability of attack, simultaneous effects on probability and loss, diversion of attack, and shared non-information defenses. Legal cases are then investigated to assess approximate magnitudes of external effects and the extent they are internalized by the legal system.