{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,13]],"date-time":"2026-03-13T13:45:34Z","timestamp":1773409534159,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":17,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642171963","type":"print"},{"value":"9783642171970","type":"electronic"}],"license":[{"start":{"date-parts":[[2010,1,1]],"date-time":"2010-01-01T00:00:00Z","timestamp":1262304000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-17197-0_2","type":"book-chapter","created":{"date-parts":[[2010,11,22]],"date-time":"2010-11-22T10:35:06Z","timestamp":1290422106000},"page":"21-37","source":"Crossref","is-referenced-by-count":15,"title":["Optimal Information Security Investment with Penetration Testing"],"prefix":"10.1007","author":[{"given":"Rainer","family":"B\u00f6hme","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"M\u00e1rk","family":"F\u00e9legyh\u00e1zi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"Su, X.: An overview of economic approaches to information security management. Technical Report TR-CTIT-06-30, University of Twente (2006)"},{"key":"2_CR2","unstructured":"B\u00f6hme, R., Moore, T.W.: The iterated weakest link: A model of adaptive security investment. In: Workshop on the Economics of Information Security (WEIS), University College, London, UK (2009)"},{"issue":"1","key":"2_CR3","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1109\/MSP.2010.51","volume":"8","author":"R. B\u00f6hme","year":"2010","unstructured":"B\u00f6hme, R., Moore, T.W.: The iterated weakest link. IEEE Security & Privacy\u00a08(1), 53\u201355 (2010)","journal-title":"IEEE Security & Privacy"},{"key":"2_CR4","doi-asserted-by":"crossref","unstructured":"Panjwani, S., Tan, S., Jarrin, K.M., Cukier, M.: An experimental evaluation to determine if port scans are precursors to an attack. In: Proc.\u00a0of Int\u2019l. Conf.\u00a0on Dependable Systems and Networks (DSN 2005), Yokkohama, Japan (2005)","DOI":"10.1109\/DSN.2005.18"},{"key":"2_CR5","doi-asserted-by":"crossref","unstructured":"Gordon, L.A., Loeb, M.P., Lucysshyn, W.: Sharing information on computer systems security: An economic analysis. Journal of Accounting and Public Policy\u00a022(6) (2003)","DOI":"10.1016\/j.jaccpubpol.2003.09.001"},{"issue":"2","key":"2_CR6","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1287\/isre.1050.0053","volume":"16","author":"E. Gal-Or","year":"2005","unstructured":"Gal-Or, E., Ghose, A.: The economic incentives for sharing security information. Information Systems Research\u00a016(2), 186\u2013208 (2005)","journal-title":"Information Systems Research"},{"issue":"4","key":"2_CR7","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1145\/581271.581274","volume":"5","author":"L.A. Gordon","year":"2002","unstructured":"Gordon, L.A., Loeb, M.P.: The economics of information security investment. ACM Transactions on Information and System Security\u00a05(4), 438\u2013457 (2002)","journal-title":"ACM Transactions on Information and System Security"},{"issue":"1","key":"2_CR8","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1287\/isre.1050.0041","volume":"16","author":"H. Cavusoglu","year":"2005","unstructured":"Cavusoglu, H., Mishra, B., Raghunathan, S.: The value of intrusion detection systems in information technology security architecture. Information Systems Research\u00a016(1), 28\u201346 (2005)","journal-title":"Information Systems Research"},{"key":"2_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"192","DOI":"10.1007\/978-3-642-14577-3_16","volume-title":"Proc.\u00a0of Financial Cryptography and Data Security, FC 2010","author":"A. Barth","year":"2010","unstructured":"Barth, A., Rubinstein, B., Sundararajan, M., Mitchell, J., Song, D., Bartlett, P.L.: A learning-based approach to reactive security. In: Radu, S. (ed.) FC 2010. LNCS, vol.\u00a06052, pp. 192\u2013206. Springer, Heidelberg (2010)"},{"issue":"1","key":"2_CR10","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1287\/ijoc.1070.0222","volume":"20","author":"H. Ogut","year":"2008","unstructured":"Ogut, H., Cavusoglu, H., Raghunathan, S.: Intrusion detection policies for it security breaches. INFORMS Journal on Computing\u00a020(1), 112\u2013123 (2008)","journal-title":"INFORMS Journal on Computing"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Geer, D., Harthorne, J.: Penetration testing: A duet. In: Proc.\u00a0of the 18th Annual Computer Security Applications Conference (ACSAC), Las Vegas, NV, USA (2002)","DOI":"10.1109\/CSAC.2002.1176290"},{"issue":"1","key":"2_CR12","doi-asserted-by":"publisher","first-page":"84","DOI":"10.1109\/MSP.2005.23","volume":"3","author":"B. Arkin","year":"2005","unstructured":"Arkin, B., Stender, S., McGraw, G.: Software penetration testing. IEEE Security & Privacy\u00a03(1), 84\u201387 (2005)","journal-title":"IEEE Security & Privacy"},{"key":"2_CR13","unstructured":"Richardson, R.: CSI Computer Crime and Security Survey. Computer Security Institute (2007)"},{"key":"2_CR14","doi-asserted-by":"crossref","unstructured":"Miura-Ko, R.A., Bambos, N.: SecureRank: A risk-based vulnerability management scheme for computing infrastructures. In: IEEE International Conference on Communications (Proc.\u00a0of ICC), pp. 1455\u20131460 (2007)","DOI":"10.1109\/ICC.2007.244"},{"key":"2_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"176","DOI":"10.1007\/978-3-540-68947-8_15","volume-title":"Dependability Metrics","author":"R. B\u00f6hme","year":"2008","unstructured":"B\u00f6hme, R., Nowey, T.: Economic security metrics. In: Eusgeld, I., Freiling, F.C., Reussner, R. (eds.) Dependability Metrics. LNCS, vol.\u00a04909, pp. 176\u2013187. Springer, Heidelberg (2008)"},{"key":"2_CR16","doi-asserted-by":"publisher","first-page":"542","DOI":"10.1016\/j.cose.2004.09.004","volume":"23","author":"S.A. Purser","year":"2004","unstructured":"Purser, S.A.: Improving the ROI of the security management process. Computers & Security\u00a023, 542\u2013546 (2004)","journal-title":"Computers & Security"},{"key":"2_CR17","doi-asserted-by":"crossref","unstructured":"Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G., Paxson, V., Savage, S.: Spamalytics: An empirical analysis of spam marketing conversion. In: Conference on Computer and Communications Security (Proc.\u00a0of ACM CCS), Alexandria, Virginia, pp. 3\u201314 (2008)","DOI":"10.1145\/1455770.1455774"}],"container-title":["Lecture Notes in Computer Science","Decision and Game Theory for Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-17197-0_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,6]],"date-time":"2019-06-06T09:01:25Z","timestamp":1559811685000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-17197-0_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642171963","9783642171970"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-17197-0_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010]]}}}