{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T13:45:15Z","timestamp":1773409515425,"version":"3.50.1"},"publisher-location":"New York, NY","reference-count":28,"publisher":"Springer New York","isbn-type":[{"value":"9781461419808","type":"print"},{"value":"9781461419815","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-1-4614-1981-5_8","type":"book-chapter","created":{"date-parts":[[2012,9,24]],"date-time":"2012-09-24T22:57:39Z","timestamp":1348527459000},"page":"171-191","source":"Crossref","is-referenced-by-count":11,"title":["Fixed Costs, Investment Rigidities, and Risk Aversion in Information Security: A Utility-theoretic Approach"],"prefix":"10.1007","author":[{"given":"Christos","family":"Ioannidis","sequence":"first","affiliation":[]},{"given":"David","family":"Pym","sequence":"additional","affiliation":[]},{"given":"Julian","family":"Williams","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2012,7,27]]},"reference":[{"issue":"2","key":"8_CR1","first-page":"38","volume":"80","author":"R Abel","year":"1990","unstructured":"Abel R (1990) Asset prices under habit formation and catching up with the Joneses. Am Econ Rev 80(2):38\u201342","journal-title":"Am Econ Rev"},{"key":"8_CR2","doi-asserted-by":"crossref","unstructured":"Anderson R (2001) Why information security is hard: an economic perspective. In: Proceedings of 17th Annual Computer Security Applications Conference, pp 358\u2013265. IEEE","DOI":"10.1109\/ACSAC.2001.991552"},{"key":"8_CR3","doi-asserted-by":"crossref","unstructured":"Anderson R, B\u00f6hme R, Clayton R, Moore T (2007) Security economics and the internal market. Report to the European Network and Information Security Agency (ENISA)","DOI":"10.1007\/978-0-387-09762-6_3"},{"key":"8_CR4","doi-asserted-by":"crossref","first-page":"610","DOI":"10.1126\/science.1130992","volume":"314","author":"R Anderson","year":"2006","unstructured":"Anderson R, Moore T (2006) The economics of information security. Science 314:610\u2013613. Extended version available at http:\/\/www.cl.cam.ac.uk\/~rja14\/Papers\/toulouse-summary.pdf","journal-title":"Science"},{"issue":"4","key":"8_CR5","doi-asserted-by":"publisher","first-page":"642","DOI":"10.1287\/mnsc.1070.0771","volume":"54","author":"A Arora","year":"2008","unstructured":"Arora A, Telang R, Xu H (2008) Optimal policy for software vulnerability disclosure. Manag Sci 54(4):642\u2013656","journal-title":"Manag Sci"},{"key":"8_CR6","unstructured":"Arrow K (1971) The theory of risk aversion. In: Essays in the theory of risk bearing. Markham Publ. Co. pp 90\u2013109 (Reprinted from: Aspects of the Theory of Risk Bearing, by Yrjo Jahnssonin Saatio, Helsinki, 1965)"},{"issue":"11","key":"8_CR7","doi-asserted-by":"publisher","first-page":"1703","DOI":"10.1287\/mnsc.1060.0568","volume":"52","author":"T August","year":"2006","unstructured":"August T, Tunca T (2006) Network software security and user incentives. Manag Sci 52(11):1703\u20131720","journal-title":"Manag Sci"},{"key":"8_CR8","doi-asserted-by":"crossref","unstructured":"Beres Y, Griffin J, Shiu S, Heitman M, Markle D, Ventura P (2008) Analysing the performance of security solutions to reduce vulnerability exposure window. In: Proceedings of the 2008 Annual Computer Security Applications Conference. IEEE Computer Society Conference Publishing Services (CPS), pp 33\u201342","DOI":"10.1109\/ACSAC.2008.42"},{"key":"8_CR9","unstructured":"Beres Y, Pym D, Shiu S (2010) Decision support for systems security investment. In: Network Operations and Management Symposium Workshops (NOMS Wksps), 2010. IEEE\/IFIP, pp 118\u2013125, Doi: 10.1109\/NOMSW.2010.5486590, ISBN: 978-1-4244-6037-3, INSPEC Accession Number: 11502735"},{"issue":"3","key":"8_CR10","doi-asserted-by":"publisher","first-page":"623","DOI":"10.3982\/ECTA6248","volume":"77","author":"N Bloom","year":"2009","unstructured":"Bloom N (2009) The impact of uncertainty shocks. Econometrica 77(3):623\u2013685","journal-title":"Econometrica"},{"issue":"4","key":"8_CR11","doi-asserted-by":"publisher","first-page":"657","DOI":"10.1287\/mnsc.1070.0794","volume":"54","author":"H Cavusoglu","year":"2008","unstructured":"Cavusoglu H, Cavusoglu H, Zhang J (2008) Security patch management: share the burden or share the damage. Manag Sci 54(4):657\u2013670","journal-title":"Manag Sci"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Collinson M, Monahan B, Pym D (2010) Semantics for structured systems modelling and simulation. In: Proceedings of Simutools 2010. ICST: ACM Digital Library and EU Digital Library. ISBN: 78-963-9799-87-5","DOI":"10.4108\/ICST.SIMUTOOLS2010.8631"},{"issue":"4","key":"8_CR13","doi-asserted-by":"publisher","first-page":"937","DOI":"10.2307\/1913778","volume":"57","author":"LG Epstein","year":"1989","unstructured":"Epstein LG, Zin SE (1989) Substitution, risk aversion, and the temporal behavior of consumption growth and asset returns I: a theoretical framework. Econometrica 57(4):937\u2013969","journal-title":"Econometrica"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Fishburn PC (1970) Utility theory for decision making. Wiley","DOI":"10.21236\/AD0708563"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Fultz N, Grossklags J (2009) Blue versus red: towards a model of distributed security attacks. In: Dingledine R, Golle P (eds) Proceedings of the Thirteenth International Conference Financial Cryptography and Data Security (FC\u201909), Springer Verlag, pp 167\u2013183, LNCS 5628, ISBN: 978-3-642-03548-7","DOI":"10.1007\/978-3-642-03549-4_10"},{"issue":"4","key":"8_CR16","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1145\/581271.581274","volume":"5","author":"L Gordon","year":"2002","unstructured":"Gordon L, Loeb M (2002) The economics of information security investment. ACM Trans Inform Syst Secur 5(4):438\u2013457","journal-title":"ACM Trans Inform Syst Secur"},{"key":"8_CR17","unstructured":"Gordon L, Loeb M (2006) Managing cybersecurity resources: a cost-benefit analysis. McGraw Hill"},{"issue":"2","key":"8_CR18","first-page":"1","volume":"19","author":"L Gordon","year":"2003","unstructured":"Gordon L, Loeb M, Lucyshyn W (2003) Information security expenditures and real options: a wait-and-see approach. Comput Secur J 19(2):1\u20137","journal-title":"Comput Secur J"},{"key":"8_CR19","doi-asserted-by":"crossref","unstructured":"Ioannidis C, Pym D, Williams J (2009) Investments and trade-offs in the economics of information security. In: Dingledine R, Golle P (eds) Proceedings of Financial Cryptography and Data Security \u201909, LNCS, Springer, vol 5628, pp 148\u2013166. Preprint available at http:\/\/www.abdn.ac.uk\/~csc335\/IoannidisPymWilliams-FC09.pdf","DOI":"10.1007\/978-3-642-03549-4_9"},{"key":"8_CR20","volume-title":"Information security trade-offs and optimal patching policies","author":"C Ioannidis","year":"2011","unstructured":"Ioannidis C, Pym D, Williams J (2011) Information security trade-offs and optimal patching policies. Eur J Oper Res. Forthcoming (TBA), TBA"},{"key":"8_CR21","doi-asserted-by":"publisher","first-page":"313","DOI":"10.2307\/1914185","volume":"47","author":"D Kahneman","year":"1979","unstructured":"Kahneman D, Tversky A (1979) Prospect theory: an analysis of decisions under risk. Econometrica 47: 313\u2013327","journal-title":"Econometrica"},{"key":"8_CR22","unstructured":"Keeney R, Raiffa H (1976) Decisions with multiple objectives: preferences and value trade-offs. Wiley"},{"issue":"5","key":"8_CR23","first-page":"904","volume":"66","author":"O Loistl","year":"1976","unstructured":"Loistl O (1976) The erroneous approximation of expected utility by means of Taylor\u2019s series expansion: analytic and computational Results. Am Econ Rev 66(5):904\u2013910","journal-title":"Am Econ Rev"},{"key":"8_CR24","doi-asserted-by":"crossref","unstructured":"Mont MC, Beres Y, Pym D, Shiu S (2010) Economics of identity and access management: providing decision support for investments. In: Network Operations and Management Symposium Workshops (NOMS Wksps), 2010, IEEE\/IFIP, pp 134\u2013141, Doi: 10.1109\/NOMSW.2010.5486588, ISBN: 978-1-4244-6037-3, INSPEC Accession Number: 11502733","DOI":"10.1109\/NOMSW.2010.5486588"},{"key":"8_CR25","doi-asserted-by":"publisher","first-page":"122","DOI":"10.2307\/1913738","volume":"32","author":"J Pratt","year":"1964","unstructured":"Pratt J (1964) Risk aversion in the small and in the large. Econometrica 32:122\u2013136","journal-title":"Econometrica"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Rogers D, Williams L (2000) Diffusions, Markov processes, and Martingales. Cambridge Mathematics Library","DOI":"10.1017\/CBO9780511805141"},{"key":"8_CR27","unstructured":"Ross S (1995) Stochastic processes. Wiley"},{"key":"8_CR28","doi-asserted-by":"crossref","unstructured":"Taksumi K, Goto M (2010) Optimal timing of information security investment: a real options approach. In: Moore T, Pym D, Ioannidis C (eds) Economics of Information Security and Privacy. Proceedings of WEIS 2009, Springer, London","DOI":"10.1007\/978-1-4419-6967-5_11"}],"container-title":["Economics of Information Security and Privacy III"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-1-4614-1981-5_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,9]],"date-time":"2025-04-09T09:54:44Z","timestamp":1744192484000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-1-4614-1981-5_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,7,27]]},"ISBN":["9781461419808","9781461419815"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-1-4614-1981-5_8","relation":{},"subject":[],"published":{"date-parts":[[2012,7,27]]}}}