Track: Student Paper Competition
Abstract
Cybersecurity is an inseparable component of business operations in any industry that utilizes information systems. Hence, the problem of cybersecurity investment, defined by the cost-effectiveness of investing on cybersecurity countermeasures, is an important financial and operational decision for most businesses. We propose a modeling framework that incorporates major components relevant to cybersecurity practice, and study the characteristics of optimal cybersecurity investment decisions for a firm. The uncertainty in the problem is captured through a stochastic programming framework. A case study based on real cybersecurity practice of an organization is also presented, where the results cast managerial insights for cybersecurity investment that can be widely applicable in typical businesses.