Presentation is loading. Please wait.

Presentation is loading. Please wait.

Gordon-Loeb Model for Cybersecurity Investments*

Published byHarjanti Tedja Modified over 5 years ago

Similar presentations

Presentation on theme: "Gordon-Loeb Model for Cybersecurity Investments*"β€” Presentation transcript:

1 Gordon-Loeb Model for Cybersecurity Investments*
Benefits and Costs of an Investment in Cyber/Information Security* Insights from the Gordon-Loeb Model Key components of optimal amount to invest: Potential losses from cybersecurity breach (cost savings or lost benefits) Vulnerabilities (including threats) or probability of breach Productivity of investments. Optimal level of cybersecurity investments does not always increase with level of vulnerability. Firms should generally invest ≀ 37% of expected loss (i.e., invest, but invest wisely). BBB Recommends the Gordon-Loeb Model 2017 U.S. Better Business Bureau (BBB) report recommends the Gordon-Loeb Model as "...a useful guide for organizations trying to find the right level of cybersecurity investment." $ 𝒗𝑳 Expected Benefits of Investment =(π’—βˆ’π‘Ί[𝒛,𝒗])𝑳 𝒛 Level of investment in information security πŸ’πŸ“ 𝒐 𝒛 βˆ— Costs of Investment 𝒛 βˆ— (𝒗) < 𝟏 𝒆 𝒗𝑳 π‘£βˆ’ Vulnerability (Probability of security breach) πΏβˆ’ Potential Loss π‘£πΏβˆ’ Expected Loss π‘§βˆ’ Level of Investment 𝑧 βˆ— βˆ’ Optimal Investment Level 𝑆[𝑧,𝑣]βˆ’ Revised v after z (Revised probability of breach) Benefits are increasing at a decreasing rate. 100% security is not possible. How Can Organizations Use the Gordon-Loeb Model? Step 1. Estimate the potential loss (L) from a cybersecurity breach for each set of information (information segmentation is important). Step 2. Estimate the probability that an information set will be breached, by examining its vulnerability (𝑣) to attack. Step 3. Create a grid with all the possible combinations of the first two steps, from low value, low vulnerability, to high value, high vulnerability. Step 4. Focus spending where it should reap the largest net benefits based on productivity of investments. See YouTube Video explaining the Gordon-Loeb Model: *Gordon, L.A. and M.P. Loeb, β€œThe Economics of Information Security Investment,” ACM Transactions on Information and System Security, November 2002. *Gordon, L.A., M.P. Loeb, and L. Zhou,Β β€œInvesting in Cybersecurity: Insights from the Gordon-Loeb Model,” Journal of Information Security, March 2016.

Download ppt "Gordon-Loeb Model for Cybersecurity Investments*"

Similar presentations

Network Security: an Economic Perspective Marc Lelarge (INRIA-ENS) currently visiting STANFORD TRUST seminar, Berkeley 2011.

Network Security: an Economic Perspective Marc Lelarge (INRIA-ENS) currently visiting STANFORD TRUST seminar, Berkeley 2011.
1 Security Policy and Financial Costs (original slides from Josh Kaplan, Stephanie Losi, and Eric Chang)

1 Security Policy and Financial Costs (original slides from Josh Kaplan, Stephanie Losi, and Eric Chang)
Interest, Rent, and Profit. Interest It is the price for credit or loanable funds. It is also called the return earned by capital as an input in the production.

Interest, Rent, and Profit. Interest It is the price for credit or loanable funds. It is also called the return earned by capital as an input in the production.
Making Clean Local Energy Accessible Now Storage Bid Evaluation Protocols Role of CEP, Quantifiable Benefits Stephanie Wang Policy Director Clean Coalition.

Making Clean Local Energy Accessible Now Storage Bid Evaluation Protocols Role of CEP, Quantifiable Benefits Stephanie Wang Policy Director Clean Coalition.
Capital Structure: Part 2 For 9.220, Term 1, 2002/03 02_Lecture20.ppt Student Version.

Capital Structure: Part 2 For 9.220, Term 1, 2002/03 02_Lecture20.ppt Student Version.
ECONOMIC ASPECTS OF CYBERSECURITY

ECONOMIC ASPECTS OF CYBERSECURITY
The costs and benefits related to cyber security breaches Chapter 3 – Gordon & Loeb.

The costs and benefits related to cyber security breaches Chapter 3 – Gordon & Loeb.
The Economics of Investment in Information Assurance: An Empirical Investigation By Dr. Lawrence A. Gordon* and Dr. Martin P. Loeb* * Robert H. Smith School.

The Economics of Investment in Information Assurance: An Empirical Investigation By Dr. Lawrence A. Gordon* and Dr. Martin P. Loeb* * Robert H. Smith School.
1 Estimating the Cost and Benefits of Software Assurance Investments Thomas P. Frazier November 9, 2006.

1 Estimating the Cost and Benefits of Software Assurance Investments Thomas P. Frazier November 9, 2006.
Potential Research Topics in IS Security and Audit Vern Richardson, University of Arkansas.

Potential Research Topics in IS Security and Audit Vern Richardson, University of Arkansas.
McGraw-Hill/Irwin Β© 2009 The McGraw-Hill Companies, All Rights Reserved Chapter 9 The Financial System, Money, and Prices.

McGraw-Hill/Irwin Β© 2009 The McGraw-Hill Companies, All Rights Reserved Chapter 9 The Financial System, Money, and Prices.
1 EGGC4214 Systems Engineering & Economy Lecture 2 Cost Concepts and Economic Environment.

1 EGGC4214 Systems Engineering & Economy Lecture 2 Cost Concepts and Economic Environment.
Economic Models & Approaches in Information Security for Computer Networks Authors: P. Souras et al. Submission: International Journal of Network Security.

Economic Models & Approaches in Information Security for Computer Networks Authors: P. Souras et al. Submission: International Journal of Network Security.
James Brehm Senior Strategist Compass Intelligence.

James Brehm Senior Strategist Compass Intelligence.
November 2013 This is UTC Building & Industrial Systems.

November 2013 This is UTC Building & Industrial Systems.
Β© Family Economics & Financial Education – May 2005 – Spending Plan Unit – Developing a Spending Plan Funded by a grant from Take Charge America, Inc.

Β© Family Economics & Financial Education – May 2005 – Spending Plan Unit – Developing a Spending Plan Funded by a grant from Take Charge America, Inc.
Do Now: Investment curve handout. Draw a fully labeled graph of a loanable funds market including the savings and investment curves.

Do Now: Investment curve handout. Draw a fully labeled graph of a loanable funds market including the savings and investment curves.
Engineering | Architecture | Design-Build | Surveying | Planning | GeoSpatial Solutions November 16, 2015 THE AWWA J100 - WHAT IT IS, WHY IT IS BEING UPDATED,

Engineering | Architecture | Design-Build | Surveying | Planning | GeoSpatial Solutions November 16, 2015 THE AWWA J100 - WHAT IT IS, WHY IT IS BEING UPDATED,
Copyright Β© 2015 Scott Borg/U.S. Cyber Consequences Unit. All rights reserved. Making Economics a Cyber-Security Weapon Scott Borg Director (CEO) and Chief.

Copyright Β© 2015 Scott Borg/U.S. Cyber Consequences Unit. All rights reserved. Making Economics a Cyber-Security Weapon Scott Borg Director (CEO) and Chief.
EMPIRICAL RESEARCH RELATED TO ECONOMIC ASPECTS OF CYBER/ INFORMATION SECURITY: Concerns and Potential Solutions by Dr. Lawrence A. Gordon E rnst & Young.

EMPIRICAL RESEARCH RELATED TO ECONOMIC ASPECTS OF CYBER/ INFORMATION SECURITY: Concerns and Potential Solutions by Dr. Lawrence A. Gordon E rnst & Young.

Similar presentations

Ads by Google