Effect of security investment strategy on the business value of managed security service providers

Nan Feng, Meiyun Wang, Minqiang Li, Dahui Li

Research output: Contribution to journalArticle

2 Scopus citations


Managed security service providers (MSSPs) have long provided clients with cost-effective methods and professional solutions for addressing issues related to information security. MSSPs provide three categories of security services, namely, prevention, detection, and response, to satisfy their clients’ security requirements and realize business value. This study develops a system dynamics model of the correlation between the security investment strategies of an MSSP and the effect of its business value. Simulations under opportunistic and targeted attacks are performed to discuss the effects of the various security investment strategies of an MSSP on its business value. The study results indicate that investing in prevention has a stronger effect on the business value of an MSSP than investing in detection and response and that security investments on opportunistic attacks are more efficient than those on targeted attacks. Sensitivity analysis shows the robustness of the system dynamics model proposed in this study.

Original languageEnglish (US)
Article number100843
JournalElectronic Commerce Research and Applications
StatePublished - May 1 2019



  • Business value
  • Managed security service
  • Security investment
  • System dynamics

Cite this