{"@context":{"@vocab":"https://cir.nii.ac.jp/schema/1.0/","rdfs":"http://www.w3.org/2000/01/rdf-schema#","dc":"http://purl.org/dc/elements/1.1/","dcterms":"http://purl.org/dc/terms/","foaf":"http://xmlns.com/foaf/0.1/","prism":"http://prismstandard.org/namespaces/basic/2.0/","cinii":"http://ci.nii.ac.jp/ns/1.0/","datacite":"https://schema.datacite.org/meta/kernel-4/","ndl":"http://ndl.go.jp/dcndl/terms/","jpcoar":"https://github.com/JPCOAR/schema/blob/master/2.0/"},"@id":"https://cir.nii.ac.jp/crid/1362825894883560960.json","@type":"Article","productIdentifier":[{"identifier":{"@type":"DOI","@value":"10.1145/581271.581274"}},{"identifier":{"@type":"URI","@value":"https://dl.acm.org/doi/10.1145/581271.581274"}},{"identifier":{"@type":"URI","@value":"https://dl.acm.org/doi/pdf/10.1145/581271.581274"}},{"identifier":{"@type":"NAID","@value":"80015683206"}}],"dc:title":[{"@value":"The economics of information security investment"}],"description":[{"type":"abstract","notation":[{"@value":"<jats:p>This article presents an economic model that determines the optimal amount to invest to protect a given set of information. The model takes into account the vulnerability of the information to a security breach and the potential loss should such a breach occur. It is shown that for a given potential loss, a firm should not necessarily focus its investments on information sets with the highest vulnerability. Since extremely vulnerable information sets may be inordinately expensive to protect, a firm may be better off concentrating its efforts on information sets with midrange vulnerabilities. The analysis further suggests that to maximize the expected benefit from investment to protect information, a firm should spend only a small fraction of the expected loss due to a security breach.</jats:p>"}]}],"creator":[{"@id":"https://cir.nii.ac.jp/crid/1382825894883560960","@type":"Researcher","foaf:name":[{"@value":"Lawrence A. Gordon"}],"jpcoar:affiliationName":[{"@value":"University of Maryland, College Park, MD"}]},{"@id":"https://cir.nii.ac.jp/crid/1382825894883560961","@type":"Researcher","foaf:name":[{"@value":"Martin P. Loeb"}],"jpcoar:affiliationName":[{"@value":"University of Maryland, College Park, MD"}]}],"publication":{"publicationIdentifier":[{"@type":"PISSN","@value":"10949224"},{"@type":"EISSN","@value":"15577406"}],"prism:publicationName":[{"@value":"ACM Transactions on Information and System Security"}],"dc:publisher":[{"@value":"Association for Computing Machinery (ACM)"}],"prism:publicationDate":"2002-11","prism:volume":"5","prism:number":"4","prism:startingPage":"438","prism:endingPage":"457"},"reviewed":"false","dc:rights":["https://www.acm.org/publications/policies/copyright_policy#Background"],"url":[{"@id":"https://dl.acm.org/doi/10.1145/581271.581274"},{"@id":"https://dl.acm.org/doi/pdf/10.1145/581271.581274"}],"createdAt":"2003-01-10","modifiedAt":"2025-06-18","relatedProduct":[{"@id":"https://cir.nii.ac.jp/crid/1050001337883736448","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isCitedBy"],"jpcoar:relatedTitle":[{"@value":"セキュリティ対策選定の実用的な一手法の提案とその評価"},{"@language":"en","@value":"A Practical Approach for Security Measure Selection Problem and Its Availability"},{"@language":"ja-Kana","@value":"セキュリティ タイサク センテイ ノ ジツヨウテキ ナ イチシュホウ ノ テイアン ト ソノ ヒョウカ"}]},{"@id":"https://cir.nii.ac.jp/crid/1050564287835840512","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isCitedBy"],"jpcoar:relatedTitle":[{"@value":"Empirical-Analysis Methodology for Information-Security Investment and Its Application to Reliable Survey of Japanese Firms"},{"@language":"en","@value":"Empirical-Analysis Methodology for Information-Security Investment and Its Application to Reliable Survey of Japanese Firms"}]},{"@id":"https://cir.nii.ac.jp/crid/1050845763798640512","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isCitedBy"],"jpcoar:relatedTitle":[{"@value":"セキュリティ対策案選択問題のモデル化"},{"@language":"ja-Kana","@value":"セキュリティ タイサクアン センタク モンダイ ノ モデルカ"}]},{"@id":"https://cir.nii.ac.jp/crid/1360588379396140416","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Optimal Security Investment Problem for Secure State Estimation on Cyber-Physical Systems"}]},{"@id":"https://cir.nii.ac.jp/crid/1360848664912735872","@type":"Article","resourceType":"学術雑誌論文(journal article)","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@value":"Empirical Investigation of Threats to Loyalty Programs by Using Models Inspired by the Gordon-Loeb Formulation of Security Investment"}]},{"@id":"https://cir.nii.ac.jp/crid/1390001205222854400","@type":"Article","relationType":["isReferencedBy"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Empirical-Analysis Methodology for Information-Security Investment and Its Application to Reliable Survey of Japanese Firms"}]},{"@id":"https://cir.nii.ac.jp/crid/1520009409521320832","@type":"Article","relationType":["isCitedBy"],"jpcoar:relatedTitle":[{"@value":"A Case Study of Gordon-Loeb Model on Optimal Security Investments"},{"@language":"ja-Kana","@value":"Case Study of Gordon Loeb Model on Optimal Security Investments"}]},{"@id":"https://cir.nii.ac.jp/crid/1520290883096584320","@type":"Article","relationType":["isCitedBy"],"jpcoar:relatedTitle":[{"@value":"セキュリティ対策案選択問題のモデル化"},{"@language":"ja-Kana","@value":"セキュリティ タイサクアン センタク モンダイ ノ モデルカ"}]},{"@id":"https://cir.nii.ac.jp/crid/1520290884017844736","@type":"Article","relationType":["isCitedBy"],"jpcoar:relatedTitle":[{"@value":"A Case Study of Gordon-Loop Model on Optimal Security Investments"},{"@language":"ja-Kana","@value":"Case Study of Gordon Loop Model on Optimal Security Investments"}]},{"@id":"https://cir.nii.ac.jp/crid/1520290884484640128","@type":"Article","relationType":["isCitedBy"],"jpcoar:relatedTitle":[{"@value":"防護動機理論を基づく情報セキュリティリスク解明モデルの高等学校教育への実践"},{"@language":"ja-Kana","@value":"ボウゴドウキ リロン オ モトズク ジョウホウ セキュリティリスク カイメイ モデル ノ コウトウ ガッコウ キョウイク エ ノ ジッセン"}]},{"@id":"https://cir.nii.ac.jp/crid/1520290884499519232","@type":"Article","relationType":["isCitedBy"],"jpcoar:relatedTitle":[{"@value":"組織のITセキュリティ推進のゲーム理論による分析 : セキュリティ推進部門と従業員間の指示と実施のゲーム"},{"@language":"ja-Kana","@value":"ソシキ ノ IT セキュリティ スイシン ノ ゲーム リロン ニ ヨル ブンセキ : セキュリティ スイシン ブモン ト ジュウギョウイン カン ノ シジ ト ジッシ ノ ゲーム"}]},{"@id":"https://cir.nii.ac.jp/crid/1520853834440003072","@type":"Article","relationType":["isCitedBy"],"jpcoar:relatedTitle":[{"@value":"分類された情報セキュリティ対策に依存する脅威発生率を導入したリスクアセスメントモデル"},{"@language":"ja-Kana","@value":"ブンルイ サレタ ジョウホウ セキュリティ タイサク ニ イゾン スル キョウイ ハッセイリツ オ ドウニュウ シタ リスクアセスメント モデル"}]},{"@id":"https://cir.nii.ac.jp/crid/1520853834460788224","@type":"Article","relationType":["isCitedBy"],"jpcoar:relatedTitle":[{"@value":"セキュリティ投資モデルとTrust-but-verifyアプローチによるモジュール選択"},{"@language":"ja-Kana","@value":"セキュリティ トウシ モデル ト Trust-but-verify アプローチ ニ ヨル モジュール センタク"}]}],"dataSourceIdentifier":[{"@type":"CROSSREF","@value":"10.1145/581271.581274"},{"@type":"CIA","@value":"80015683206"},{"@type":"CROSSREF","@value":"10.2197/ipsjdc.3.585_references_DOI_4RclBW8b5B81EF6qn1Gv5gREC23"},{"@type":"CROSSREF","@value":"10.1109/tac.2024.3451216_references_DOI_4RclBW8b5B81EF6qn1Gv5gREC23"},{"@type":"CROSSREF","@value":"10.4236/jis.2016.72003_references_DOI_4RclBW8b5B81EF6qn1Gv5gREC23"}]}