Effect of security investment strategy on the business value of managed security service providers

Nan Feng, Meiyun Wang, Minqiang Li, Dahui Li

Research output: Contribution to journalArticlepeer-review

11 Scopus citations

Abstract

Managed security service providers (MSSPs) have long provided clients with cost-effective methods and professional solutions for addressing issues related to information security. MSSPs provide three categories of security services, namely, prevention, detection, and response, to satisfy their clients’ security requirements and realize business value. This study develops a system dynamics model of the correlation between the security investment strategies of an MSSP and the effect of its business value. Simulations under opportunistic and targeted attacks are performed to discuss the effects of the various security investment strategies of an MSSP on its business value. The study results indicate that investing in prevention has a stronger effect on the business value of an MSSP than investing in detection and response and that security investments on opportunistic attacks are more efficient than those on targeted attacks. Sensitivity analysis shows the robustness of the system dynamics model proposed in this study.

Original languageEnglish (US)
Article number100843
JournalElectronic Commerce Research and Applications
Volume35
DOIs
StatePublished - May 1 2019

Bibliographical note

Funding Information:
The authors are very grateful to all anonymous reviewers whose invaluable comments and suggestions substantially helped improve the quality of the article. The research was supported by the National Natural Science Foundation of China (nos. 71871155 and 71631003 ).

Publisher Copyright:
© 2019 Elsevier B.V.

Keywords

  • Business value
  • Managed security service
  • Security investment
  • System dynamics

Fingerprint

Dive into the research topics of 'Effect of security investment strategy on the business value of managed security service providers'. Together they form a unique fingerprint.

Cite this