Essays in information security

Mukul Gupta, Purdue University

Abstract

Information Technology has become integral to organizations' pursuit to achieve a competitive edge in an interconnected environment. The information technology resources of organizations have become targets of perpetrators, who seek gains from causing damage to information resources of organizations. Organizations, hence, invest in security technologies and backup resources to try to minimize the damage caused from electronic criminal activities. In this dissertation, we seek to address how the organizations should decide on the level of their security infrastructure and specific technologies they use to address vulnerabilities in their information systems. In the first essay, we develop a market-based economic model in which the firm seeks to maximize the gains from information technology by investing in technology resources and attempt to limit the damage to resources through investment in security and backup infrastructure. The criminal strives to maximize the gains from successful exploitation of the vulnerabilities of the firm's resources. We evaluate the firm's and the criminal's decisions in response to variations in environmental parameters such as the punishment to criminals, the criminal skill level, the cost of resources, and the gains to the criminal. In the second essay, we develop an agent-based economy populated by the firm and the criminal agents that interact in an artificial environment. The agent-based approach provides us a platform to evaluate the theoretical predictions from the first essay through dynamic interaction between the agents in the economy. The third essay presents a Genetic Algorithm based approach to allow the organizations to select the security technology profile while minimizing the cost and maximizing the coverage of the vulnerabilities in information technology infrastructure.

Degree

Ph.D.

Advisors

Chaturvedi, Purdue University.

Subject Area

Management|Business costs

COinS