Gordon-Loeb Model for Cybersecurity Investments*

Slides:



Advertisements
Similar presentations
Network Security: an Economic Perspective Marc Lelarge (INRIA-ENS) currently visiting STANFORD TRUST seminar, Berkeley 2011.
Advertisements

1 Security Policy and Financial Costs (original slides from Josh Kaplan, Stephanie Losi, and Eric Chang)
Interest, Rent, and Profit. Interest It is the price for credit or loanable funds. It is also called the return earned by capital as an input in the production.
Making Clean Local Energy Accessible Now Storage Bid Evaluation Protocols Role of CEP, Quantifiable Benefits Stephanie Wang Policy Director Clean Coalition.
Capital Structure: Part 2 For 9.220, Term 1, 2002/03 02_Lecture20.ppt Student Version.
ECONOMIC ASPECTS OF CYBERSECURITY
The costs and benefits related to cyber security breaches Chapter 3 – Gordon & Loeb.
The Economics of Investment in Information Assurance: An Empirical Investigation By Dr. Lawrence A. Gordon* and Dr. Martin P. Loeb* * Robert H. Smith School.
1 Estimating the Cost and Benefits of Software Assurance Investments Thomas P. Frazier November 9, 2006.
Potential Research Topics in IS Security and Audit Vern Richardson, University of Arkansas.
McGraw-Hill/Irwin © 2009 The McGraw-Hill Companies, All Rights Reserved Chapter 9 The Financial System, Money, and Prices.
1 EGGC4214 Systems Engineering & Economy Lecture 2 Cost Concepts and Economic Environment.
Economic Models & Approaches in Information Security for Computer Networks Authors: P. Souras et al. Submission: International Journal of Network Security.
James Brehm Senior Strategist Compass Intelligence.
November 2013 This is UTC Building & Industrial Systems.
© Family Economics & Financial Education – May 2005 – Spending Plan Unit – Developing a Spending Plan Funded by a grant from Take Charge America, Inc.
Do Now: Investment curve handout. Draw a fully labeled graph of a loanable funds market including the savings and investment curves.
Engineering | Architecture | Design-Build | Surveying | Planning | GeoSpatial Solutions November 16, 2015 THE AWWA J100 - WHAT IT IS, WHY IT IS BEING UPDATED,
Copyright © 2015 Scott Borg/U.S. Cyber Consequences Unit. All rights reserved. Making Economics a Cyber-Security Weapon Scott Borg Director (CEO) and Chief.
EMPIRICAL RESEARCH RELATED TO ECONOMIC ASPECTS OF CYBER/ INFORMATION SECURITY: Concerns and Potential Solutions by Dr. Lawrence A. Gordon E rnst & Young.
Slide 1/20 Defending Against Strategic Adversaries in Dynamic Pricing Markets for Smart Grids Paul Wood, Saurabh Bagchi Purdue University
Financial Planning. Journal 2/2/2016 How does supply and demand affect the economy? Explain how the law of supply works? How does the law of demand?
TEL2813/IS2820 Security Management Cost-Benefit Analysis Net Present Value Model, Internal Rate of Return Model Return on Investment (Based on Book by.
Economics of Network Security Initial presentation Knut Magnus Kvamtrø NTNU
UNIT 4 Measuring the economy
The Secrets of Saving Introductory Level.
New Product Innovation
ANALYZING START-UP RESOURCES
ANALYZING START-UP RESOURCES
CYBERSECURITY INCIDENCE IN THE FINANCIAL SERVICES SECTOR March 28, 2017 Presented by Osato Omogiafo Head IT Audit.
Chapter 2 Asset and Liability Valuations and Income Recognition.
CASE FAIR OSTER ECONOMICS P R I N C I P L E S O F
Financial Accounting:
AP CSP: Data Assumptions & Good and Bad Data Visualizations
Medicaid Expansion.
Benchmarking Method Glen Anderson, Chief of Party
Apples-to-Apples: LIRA vs. RAMCAP
THE AGGREGATE DEMAND/ AGGREGATE SUPPLY MODEL
Transmission Workgroup 7th July 2011
Financial Liquidity Management
SAVINGS AND INVESTMENT
© 2016 Global Market Insights, Inc. USA. All Rights Reserved Fuel Cell Market size worth $25.5bn by 2024Low Power Wide Area Network.
© 2008 The McGraw-Hill Companies, Inc., All Rights Reserved.
CYBER SECURITY MARKET Global Cyber Security Market, Size, Share, Market Intelligence, Company Profiles, Market Trends, Strategy, Analysis, Forecast
CyberPaths Interdisciplinary Modules
Business Case Development Key Components :
Financial Liquidity Management
Multipliers & Fiscal Policy
National Audit Office Annual Report and Accounts
Christine Huang & Jierui (Jerry) Liu Advisor: Bruce C Arntzen
Cost transparency of pension funds Dutch experiences
Security as Risk Management
ECONOMICS Ch. 2.3: The Goals of the Nation
Levels of Organisation. YouTube Video – Levels of Organisation
Basic Concepts of GENERAL Accounting
LO1) To describe the purpose of a balance sheet
Financial Planning.
Contract Law An Economic Theory of Contracts Reliance and optimal reliance 11/2/09 Contract_C.
AP ECONOMICS: February 28
Agricultural Microeconomics Lesson 8: Advanced Spreadsheet Modeling
Life insurance at end November 2017
Consumption, savings and investment
Financial Statements, Tools, and Budgets
Scenario 1 PERSON 1 PERSON 2 PERSON 3 Costs £50pw Budget: £75pw.
MAZARS’ CONSULTING PRACTICE Helping your Business Venture Further
Mastercard® Threat scan
Figuring out CyberSecurity Return On Investment
MANAGEMENT of INFORMATION SECURITY, Fifth Edition
CyberPaths Interdisciplinary Modules
Streamline your move to the cloud
Presentation transcript:

Gordon-Loeb Model for Cybersecurity Investments* Benefits and Costs of an Investment in Cyber/Information Security* Insights from the Gordon-Loeb Model Key components of optimal amount to invest: Potential losses from cybersecurity breach (cost savings or lost benefits) Vulnerabilities (including threats) or probability of breach Productivity of investments. Optimal level of cybersecurity investments does not always increase with level of vulnerability. Firms should generally invest ≤ 37% of expected loss (i.e., invest, but invest wisely). BBB Recommends the Gordon-Loeb Model 2017 U.S. Better Business Bureau (BBB) report recommends the Gordon-Loeb Model as "...a useful guide for organizations trying to find the right level of cybersecurity investment." $ 𝒗𝑳 Expected Benefits of Investment =(𝒗−𝑺[𝒛,𝒗])𝑳 𝒛 Level of investment in information security 𝟒𝟓 𝒐 𝒛 ∗ Costs of Investment 𝒛 ∗ (𝒗) < 𝟏 𝒆 𝒗𝑳 𝑣− Vulnerability (Probability of security breach) 𝐿− Potential Loss 𝑣𝐿− Expected Loss 𝑧− Level of Investment 𝑧 ∗ − Optimal Investment Level 𝑆[𝑧,𝑣]− Revised v after z (Revised probability of breach) Benefits are increasing at a decreasing rate. 100% security is not possible. How Can Organizations Use the Gordon-Loeb Model? Step 1. Estimate the potential loss (L) from a cybersecurity breach for each set of information (information segmentation is important). Step 2. Estimate the probability that an information set will be breached, by examining its vulnerability (𝑣) to attack. Step 3. Create a grid with all the possible combinations of the first two steps, from low value, low vulnerability, to high value, high vulnerability. Step 4. Focus spending where it should reap the largest net benefits based on productivity of investments. See YouTube Video explaining the Gordon-Loeb Model: https://www.youtube.com/watch?v=cd8dT0FuqQ4 *Gordon, L.A. and M.P. Loeb, “The Economics of Information Security Investment,” ACM Transactions on Information and System Security, November 2002. *Gordon, L.A., M.P. Loeb, and L. Zhou, “Investing in Cybersecurity: Insights from the Gordon-Loeb Model,” Journal of Information Security, March 2016.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.