{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T00:14:20Z","timestamp":1776730460008,"version":"3.51.2"},"reference-count":35,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2015,6,19]],"date-time":"2015-06-19T00:00:00Z","timestamp":1434672000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Ann Oper Res"],"published-print":{"date-parts":[[2015,12]]},"DOI":"10.1007\/s10479-015-1925-2","type":"journal-article","created":{"date-parts":[[2015,6,18]],"date-time":"2015-06-18T04:27:15Z","timestamp":1434601635000},"page":"277-300","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":36,"title":["Information security investment for competitive firms with hacker behavior and security requirements"],"prefix":"10.1007","volume":"235","author":[{"given":"Xing","family":"Gao","sequence":"first","affiliation":[]},{"given":"Weijun","family":"Zhong","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,6,19]]},"reference":[{"key":"1925_CR1","doi-asserted-by":"crossref","unstructured":"Anderson, R. (2001). Why information security is hard: an economic perspective. In: Proceedings of the seventeenth computer security applications conference, (pp. 358\u2013365). IEEE Computer Society Press.","DOI":"10.1109\/ACSAC.2001.991552"},{"key":"1925_CR2","unstructured":"Anderson, R. (2002). Security in open versus closed systems-the dance of Boltzmann. Coase and Moore: Technical report Cambridge University England."},{"issue":"5799","key":"1925_CR3","doi-asserted-by":"crossref","first-page":"610","DOI":"10.1126\/science.1130992","volume":"314","author":"R Anderson","year":"2006","unstructured":"Anderson, R., & Moore, T. (2006). The economics of information security. Science, 314(5799), 610\u2013613.","journal-title":"Science"},{"issue":"5","key":"1925_CR4","doi-asserted-by":"crossref","first-page":"350","DOI":"10.1007\/s10796-006-9012-5","volume":"8","author":"A Arora","year":"2006","unstructured":"Arora, A., Nandkumar, A., & Telang, R. (2006). Does information security attack frequency increase with vulnerability disclosure?\u2014An empirical analysis. Information Systems Frontiers, 8(5), 350\u2013362.","journal-title":"Information Systems Frontiers"},{"issue":"1","key":"1925_CR5","doi-asserted-by":"crossref","first-page":"7","DOI":"10.1007\/s10799-010-0066-1","volume":"11","author":"T Bandyopadhyay","year":"2010","unstructured":"Bandyopadhyay, T., Jacob, V., & Raghunathan, S. (2010). Information security in networked supply chains: Impact of network vulnerability and supply chain integration on incentives to invest. Information Technology and Management, 11(1), 7\u201323.","journal-title":"Information Technology and Management"},{"key":"1925_CR6","doi-asserted-by":"crossref","unstructured":"Bandyopadhyay, T., Liu, D., Mookerjee, V. S., & Wilhite, A. W. (2014). Dynamic competition in IT security: A differential games approach. Information Systems Frontiers, 16(4), 643\u2013661.","DOI":"10.1007\/s10796-012-9373-x"},{"issue":"3","key":"1925_CR7","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1287\/deca.1040.0022","volume":"1","author":"H Cavusoglu","year":"2004","unstructured":"Cavusoglu, H., & Raghunathan, S. (2004). Configuration of detection software: A comparison of decision and game theory approaches. Decision Analysis, 1(3), 131\u2013148.","journal-title":"Decision Analysis"},{"issue":"1","key":"1925_CR8","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1287\/isre.1050.0041","volume":"16","author":"H Cavusoglu","year":"2005","unstructured":"Cavusoglu, H., Mishra, B., & Raghunathan, S. (2005). The value of intrusion detection systems (IDSs) in information technology security. Information Systems Research, 16(1), 28\u201346.","journal-title":"Information Systems Research"},{"issue":"2","key":"1925_CR9","doi-asserted-by":"crossref","first-page":"281","DOI":"10.2753\/MIS0742-1222250211","volume":"25","author":"H Cavusoglu","year":"2008","unstructured":"Cavusoglu, H., Raghunathan, S., & Yue, W. T. (2008). Decision-theoretic and game-theoretic approaches to IT security investment. Journal of Management Information Systems, 25(2), 281\u2013304.","journal-title":"Journal of Management Information Systems"},{"issue":"2","key":"1925_CR10","doi-asserted-by":"crossref","first-page":"198","DOI":"10.1287\/isre.1080.0180","volume":"20","author":"H Cavusoglu","year":"2009","unstructured":"Cavusoglu, H., & Raghunathan, S. (2009). Configuration of and interaction between information security technologies: The case of firewalls and intrusion detection systems. Information Systems Research, 20(2), 198\u2013217.","journal-title":"Information Systems Research"},{"issue":"3","key":"1925_CR11","doi-asserted-by":"crossref","first-page":"241","DOI":"10.2753\/MIS0742-1222260308","volume":"26","author":"M Cremonini","year":"2009","unstructured":"Cremonini, M., & Nizovtsev, D. (2009). Risks and benefits of signaling information system characteristics to strategic attackers. Journal of Management Information Systems, 26(3), 241\u2013274.","journal-title":"Journal of Management Information Systems"},{"issue":"4","key":"1925_CR12","doi-asserted-by":"crossref","first-page":"352","DOI":"10.1287\/deca.2013.0278","volume":"10","author":"X Gao","year":"2013","unstructured":"Gao, X., Zhong, W., & Mei, S. (2013a). Information security investment when hackers disseminate knowledge. Decision Analysis, 10(4), 352\u2013368.","journal-title":"Decision Analysis"},{"issue":"5","key":"1925_CR13","doi-asserted-by":"crossref","first-page":"421","DOI":"10.1016\/j.orl.2013.05.002","volume":"41","author":"X Gao","year":"2013","unstructured":"Gao, X., Zhong, W., & Mei, S. (2013b). A differential game approach to information security investment under hackers\u2019 knowledge dissemination. Operations Research Letters, 41(5), 421\u2013425.","journal-title":"Operations Research Letters"},{"key":"1925_CR14","doi-asserted-by":"crossref","unstructured":"Gao, X., Zhong, W., & Mei, S. (2014). A game-theoretic analysis of information sharing and security investment for complementary firms. Journal of the Operational Research Society, 65(11), 1682\u20131691.","DOI":"10.1057\/jors.2013.133"},{"key":"1925_CR15","doi-asserted-by":"crossref","unstructured":"Gao, X., Zhong, W., & Mei, S. (2015). Security investment and information sharing under an alternative security breach probability function. Information Systems Frontiers, 17(2), 423\u2013438.","DOI":"10.1007\/s10796-013-9411-3"},{"issue":"4","key":"1925_CR16","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1145\/581271.581274","volume":"5","author":"LA Gordon","year":"2002","unstructured":"Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM Transactions on Information and System Security, 5(4), 438\u2013457.","journal-title":"ACM Transactions on Information and System Security"},{"issue":"5","key":"1925_CR17","doi-asserted-by":"crossref","first-page":"335","DOI":"10.1007\/s10796-006-9010-7","volume":"8","author":"LA Gordon","year":"2006","unstructured":"Gordon, L. A., & Loeb, M. P. (2006). Economic aspects of information security: An emerging field of research. Information Systems Frontiers, 8(5), 335\u2013337.","journal-title":"Information Systems Frontiers"},{"issue":"2","key":"1925_CR18","doi-asserted-by":"crossref","first-page":"186","DOI":"10.1287\/isre.1050.0053","volume":"16","author":"E Gal-Or","year":"2005","unstructured":"Gal-Or, E., & Ghose, A. (2005). The economic incentives for sharing security information. Information Systems Research, 16(2), 186\u2013208.","journal-title":"Information Systems Research"},{"key":"1925_CR19","doi-asserted-by":"crossref","unstructured":"Hausken, K. (2006b). Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability. Information Systems Frontiers, 8(5), 338\u2013349.","DOI":"10.1007\/s10796-006-9011-6"},{"issue":"6","key":"1925_CR20","doi-asserted-by":"crossref","first-page":"639","DOI":"10.1016\/j.jaccpubpol.2007.10.001","volume":"26","author":"K Hausken","year":"2007","unstructured":"Hausken, K. (2007). Information sharing among firms and cyber attacks. Journal of Accounting and Public Policy, 26(6), 639\u2013688.","journal-title":"Journal of Accounting and Public Policy"},{"issue":"2","key":"1925_CR21","doi-asserted-by":"crossref","first-page":"793","DOI":"10.1016\/j.ijpe.2008.04.002","volume":"114","author":"CD Huang","year":"2008","unstructured":"Huang, C. D., Qing, H., & Ravi, B. (2008). An economic analysis of the optimal information security investment in the case of a risk-averse firm. International Journal of Production Economics, 114(2), 793\u2013804.","journal-title":"International Journal of Production Economics"},{"issue":"1","key":"1925_CR22","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1016\/j.ijpe.2012.06.022","volume":"141","author":"CD Huang","year":"2013","unstructured":"Huang, C. D., & Behara, R. S. (2013). Economics of information security investment in the case of concurrent heterogeneous attacks with budget constraints. International Journal of Production Economics, 141(1), 255\u2013268.","journal-title":"International Journal of Production Economics"},{"issue":"3","key":"1925_CR23","doi-asserted-by":"crossref","first-page":"117","DOI":"10.2753\/MIS0742-1222290304","volume":"29","author":"KL Hui","year":"2012","unstructured":"Hui, K. L., Hui, W., & Yue, W. T. (2012). Information security outsourcing with system interdependency and mandatory security requirement. Journal of Management Information Systems, 29(3), 117\u2013155.","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"1925_CR24","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1016\/j.dss.2011.05.007","volume":"52","author":"D Liu","year":"2011","unstructured":"Liu, D., Ji, Y., & Mookerjee, V. (2011). Knowledge sharing and investment decisions in information security. Decision Support Systems, 52(1), 95\u2013107.","journal-title":"Decision Support Systems"},{"issue":"2","key":"1925_CR25","doi-asserted-by":"crossref","first-page":"97","DOI":"10.2753\/MIS0742-1222260205","volume":"26","author":"IPL Png","year":"2009","unstructured":"Png, I. P. L., & Wang, Q. H. (2009). Information security facilitating user precautions vis-a-vis enforcement against attackers. Journal of Management Information Systems, 26(2), 97\u2013121.","journal-title":"Journal of Management Information Systems"},{"issue":"1","key":"1925_CR26","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1287\/isre.1080.0174","volume":"20","author":"S Ransbotham","year":"2009","unstructured":"Ransbotham, S., & Mitra, S. (2009). Choice and chance: A conceptual model of paths to information security compromise. Information Systems Research, 20(1), 121\u2013139.","journal-title":"Information Systems Research"},{"issue":"1","key":"1925_CR27","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1016\/j.jaccpubpol.2004.12.003","volume":"24","author":"H Tanaka","year":"2005","unstructured":"Tanaka, H., Matsuura, K., & Sudoh, O. (2005). Vulnerability and information security investment: An empirical analysis of e-local government in Japan. Journal of Accounting and Public Policy, 24(1), 37\u201359.","journal-title":"Journal of Accounting and Public Policy"},{"issue":"2","key":"1925_CR28","doi-asserted-by":"crossref","first-page":"548","DOI":"10.1016\/j.ejor.2008.06.032","volume":"197","author":"D Wu","year":"2009","unstructured":"Wu, D., Baron, O., & Berman, O. (2009). Bargaining in competing supply chains with uncertainty. European Journal of Operational Research, 197(2), 548\u2013556.","journal-title":"European Journal of Operational Research"},{"issue":"2","key":"1925_CR29","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1057\/jors.2008.144","volume":"61","author":"D Wu","year":"2010","unstructured":"Wu, D., & Olson, D. (2010a). Enterprise risk management: Coping with model risk in a large bank. Journal of the Operational Research Society, 61(2), 179\u2013190.","journal-title":"Journal of the Operational Research Society"},{"issue":"16","key":"1925_CR30","doi-asserted-by":"crossref","first-page":"4919","DOI":"10.1080\/00207540903051684","volume":"48","author":"D Wu","year":"2010","unstructured":"Wu, D., & Olson, D. (2010b). Enterprise Risk Management: A DEA VaR approach in vendor selection. International Journal of Production Research, 48(16), 4919\u20134932.","journal-title":"International Journal of Production Research"},{"issue":"1","key":"1925_CR31","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.ijpe.2011.07.002","volume":"134","author":"D Wu","year":"2011","unstructured":"Wu, D., & Olson, D. (2011). Introduction to special issue on \u201cEnterprise risk management in operations\u201d. International Journal of Production Economics, 134(1), 1\u20132.","journal-title":"International Journal of Production Economics"},{"issue":"4","key":"1925_CR32","doi-asserted-by":"crossref","first-page":"751","DOI":"10.1016\/j.cor.2010.12.011","volume":"39","author":"D Wu","year":"2012","unstructured":"Wu, D., Olson, D., & Birge, J. (2012). Operational research in risk management. Computers & Operations Research, 39(4), 751\u2013752.","journal-title":"Computers & Operations Research"},{"issue":"1","key":"1925_CR33","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.ijpe.2011.11.032","volume":"144","author":"D Wu","year":"2013","unstructured":"Wu, D. (2013a). Coordination of competing supply chains with news-vendor and buyback contract. International Journal of Production Economics, 144(1), 1\u201313.","journal-title":"International Journal of Production Economics"},{"issue":"9\u201310","key":"1925_CR34","first-page":"1659","volume":"58","author":"D Wu","year":"2013","unstructured":"Wu, D. (2013b). Bargaining in supply chain with price and promotional effort dependent demand. Mathematical and Computer Modelling, 58(9\u201310), 1659\u20131669.","journal-title":"Mathematical and Computer Modelling"},{"issue":"9","key":"1925_CR35","doi-asserted-by":"crossref","first-page":"1581","DOI":"10.1016\/j.mcm.2013.07.004","volume":"58","author":"D Wu","year":"2013","unstructured":"Wu, D., & Olson, D. (2013). Computational simulation and risk analysis: An introduction of state of the art research. Mathematical and Computer Modelling, 58(9), 1581\u20131587.","journal-title":"Mathematical and Computer Modelling"}],"container-title":["Annals of Operations Research"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10479-015-1925-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10479-015-1925-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10479-015-1925-2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,29]],"date-time":"2019-05-29T14:10:00Z","timestamp":1559139000000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10479-015-1925-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,6,19]]},"references-count":35,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2015,12]]}},"alternative-id":["1925"],"URL":"https:\/\/doi.org\/10.1007\/s10479-015-1925-2","relation":{},"ISSN":["0254-5330","1572-9338"],"issn-type":[{"value":"0254-5330","type":"print"},{"value":"1572-9338","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,6,19]]}}}