共查询到20条相似文献,搜索用时 32 毫秒
1.
研究了强制性约束下企业信息安全投资和网络保险的最优决策问题,对比了可观测企业损失和不可观测企业损失两种情形下基于破产概率约束的最优安全投资和网络保险保费厘定。研究结果表明:在可观测损失和公平保费情况下,当最大化单个企业的期望效用时,存在最优安全投资额,并且政府补贴和强制性约束都可以激励企业增加安全投资;但是当最大化所有企业效用时,只有强制性约束才能增加企业安全投资使得总效用最大化,并且企业的最优安全投资与损失的可观测程度无关。在不可观测损失情况下,当最大化单个企业期望效用时,企业的安全投资增大,而最大化所有企业效用时,存在正网络外部性,即任何企业均不敢轻易的减少安全投资,即使同在一个网络中的其他企业减少了安全投资。此外,在破产概率约束下,随着保费的增加,当损失可观测时,企业的安全投资也增加,但期望效用减少了;而当损失不可观测时,企业的安全投资和期望效用均减少。本文所得结论对政府设定强制性标准,以及企业利用安全投资和网络保险进行信息安全风险控制具有较好的参考价值。 相似文献
2.
证券公司风险的实证分析及风险券商处置模式研究 总被引:3,自引:0,他引:3
证券市场是一个充满风险的市场.中国证券市场作为一个新兴发展中的市场,具有更大的风险.本文对证券公司的风险现状和风险案例进行了实证研究.同时,对证券市场中风险券商的处置模式进行了探索. 相似文献
3.
Security of infrastructure is a major concern. Traditional security schedules are unable to provide omnipresent coverage; consequently, adversaries can exploit predictable vulnerabilities to their advantage. Randomized security schedules, which randomly deploy security measures, overcome these limitations, but public perceptions of such schedules have not been examined. In this experiment, participants were asked to make a choice between attending a venue that employed a traditional (i.e., search everyone) or a random (i.e., a probability of being searched) security schedule. The absolute probability of detecting contraband was manipulated (i.e., 1/10, 1/4, 1/2) but equivalent between the two schedule types. In general, participants were indifferent to either security schedule, regardless of the probability of detection. The randomized schedule was deemed more convenient, but the traditional schedule was considered fairer and safer. There were no differences between traditional and random schedule in terms of perceived effectiveness or deterrence. Policy implications for the implementation and utilization of randomized schedules are discussed. 相似文献
4.
A Macro-Economic Framework for Evaluation of Cyber Security Risks Related to Protection of Intellectual Property 总被引:1,自引:0,他引:1
The article is based on the premise that, from a macro-economic viewpoint, cyber attacks with long-lasting effects are the most economically significant, and as a result require more attention than attacks with short-lasting effects that have historically been more represented in literature. In particular, the article deals with evaluation of cyber security risks related to one type of attack with long-lasting effects, namely, theft of intellectual property (IP) by foreign perpetrators. An International Consequence Analysis Framework is presented to determine (1) the potential macro-economic consequences of cyber attacks that result in stolen IP from companies in the United States, and (2) the likely sources of such attacks. The framework presented focuses on IP theft that enables foreign companies to make economic gains that would have otherwise benefited the U.S. economy. Initial results are presented. 相似文献
5.
We describe a quantitative methodology to characterize the vulnerability of U.S. urban centers to terrorist attack, using a place-based vulnerability index and a database of terrorist incidents and related human casualties. Via generalized linear statistical models, we study the relationships between vulnerability and terrorist events, and find that our place-based vulnerability metric significantly describes both terrorist incidence and occurrence of human casualties from terrorist events in these urban centers. We also introduce benchmark analytic technologies from applications in toxicological risk assessment to this social risk/vulnerability paradigm, and use these to distinguish levels of high and low urban vulnerability to terrorism. It is seen that the benchmark approach translates quite flexibly from its biological roots to this social scientific archetype. 相似文献
6.
本文基于描述长记忆性的ARFIMA模型和具有结构性转变的平滑迁移模型,提出了联合检验两种时间序列性质的STARFIMA模型,并给出了估计模型系数的估计方法和检验非线性的刀切似然比方法.应用我国通货膨胀率的时间序列数据,我们应用Logistic型STARFIMA模型进行经验分析时发现,STARFIMA模型具有比ARFIMA模型更好的模拟效果和精度,而且该模型分别捕捉到了以通货膨胀率自身和加速通货膨胀率为转移变量的结构性转变,并发现在引入结构转变之后的通货膨胀率序列的记忆性变强的特征. 相似文献
7.
Nirup Menon 《Risk analysis》2011,31(3):497-512
The correlated nature of security breach risks, the imperfect ability to prove loss from a breach to an insurer, and the inability of insurers and external agents to observe firms’ self‐protection efforts have posed significant challenges to cyber security risk management. Our analysis finds that a firm invests less than the social optimal levels in self‐protection and in insurance when risks are correlated and the ability to prove loss is imperfect. We find that the appropriate social intervention policy to induce a firm to invest at socially optimal levels depends on whether insurers can verify a firm's self‐protection levels. If self‐protection of a firm is observable to an insurer so that it can design a contract that is contingent on the self‐protection level, then self‐protection and insurance behave as complements. In this case, a social planner can induce a firm to choose the socially optimal self‐protection and insurance levels by offering a subsidy on self‐protection. We also find that providing a subsidy on insurance does not provide a similar inducement to a firm. If self‐protection of a firm is not observable to an insurer, then self‐protection and insurance behave as substitutes. In this case, a social planner should tax the insurance premium to achieve socially optimal results. The results of our analysis hold regardless of whether the insurance market is perfectly competitive or not, implying that solely reforming the currently imperfect insurance market is insufficient to achieve the efficient outcome in cyber security risk management. 相似文献
8.
《Risk analysis》2018,38(2):226-241
Managing cyber security in an organization involves allocating the protection budget across a spectrum of possible options. This requires assessing the benefits and the costs of these options. The risk analyses presented here are statistical when relevant data are available, and system‐based for high‐consequence events that have not happened yet. This article presents, first, a general probabilistic risk analysis framework for cyber security in an organization to be specified. It then describes three examples of forward‐looking analyses motivated by recent cyber attacks. The first one is the statistical analysis of an actual database, extended at the upper end of the loss distribution by a Bayesian analysis of possible, high‐consequence attack scenarios that may happen in the future. The second is a systems analysis of cyber risks for a smart, connected electric grid, showing that there is an optimal level of connectivity. The third is an analysis of sequential decisions to upgrade the software of an existing cyber security system or to adopt a new one to stay ahead of adversaries trying to find their way in. The results are distributions of losses to cyber attacks, with and without some considered countermeasures in support of risk management decisions based both on past data and anticipated incidents. 相似文献
9.
资本作为一种风险缓冲剂,具有承担风险、吸收损失、保护银行抵御意外冲击的作用,是保障银行安全的最后一道防线,实施资本监管是保证金融安全的主要手段。本文运用数学模型分析工具,从金融安全的角度对金融业资本监管进行了分析,得出了合乎逻辑的理论结论,为实践中的运用提供了理论基础。本文的研究在于丰富金融监管理论文献的同时,也为指导我国金融业今后的发展提出了重要的理论证据。 相似文献
10.
11.
Agency Problems and Airport Security: Quantitative and Qualitative Evidence on the Impact of Security Training 下载免费PDF全文
Martina de Gramatica Fabio Massacci Woohyun Shim Uğur Turhan Julian Williams 《Risk analysis》2017,37(2):372-395
We analyze the issue of agency costs in aviation security by combining results from a quantitative economic model with a qualitative study based on semi‐structured interviews. Our model extends previous principal‐agent models by combining the traditional fixed and varying monetary responses to physical and cognitive effort with nonmonetary welfare and potentially transferable value of employees' own human capital. To provide empirical evidence for the tradeoffs identified in the quantitative model, we have undertaken an extensive interview process with regulators, airport managers, security personnel, and those tasked with training security personnel from an airport operating in a relatively high‐risk state, Turkey. Our results indicate that the effectiveness of additional training depends on the mix of “transferable skills” and “emotional” buy‐in of the security agents. Principals need to identify on which side of a critical tipping point their agents are to ensure that additional training, with attached expectations of the burden of work, aligns the incentives of employees with the principals' own objectives. 相似文献
12.
An integrated risk management strategy, combining insurance and security investments, where the latter contribute to reduce the insurance premium, is investigated to assess whether it can lead to reduced overall security expenses. The optimal investment for this mixed strategy is derived under three insurance policies, covering, respectively, all the losses (total coverage), just those below the limit of maximum liability (partial coverage), and those above a threshold but below the maximum liability (partial coverage with deductibles). Under certain conditions (e.g., low potential loss, or either very low or very high vulnerability), the mixed strategy reverts however to insurance alone, because investments do not provide an additional benefit. When the mixed strategy is the best choice, the dominant component in the overall security expenses is the insurance premium in most cases. Optimal investment decisions require an accurate estimate of the vulnerability, whereas larger estimation errors may be tolerated for the investment-effectiveness coefficient. 相似文献
13.
Layered defenses are necessary for protecting the public from terrorist attacks. Designing a system of such defensive measures requires consideration of the interaction of these countermeasures. In this article, we present an analysis of a layered security system within the lower Manhattan area. It shows how portfolios of security measures can be evaluated through portfolio decision analysis. Consideration is given to the total benefits and costs of the system. Portfolio diagrams are created that help communicate alternatives among stakeholders who have differing views on the tradeoffs between security and economic activity. 相似文献
14.
无套利Nelson-Siegel模型形式上具有Nelson-Siegel模型的简约性,本质上是满足无套利假设的仿射类动态模型。本文以Fama-Bliss方法获得的上交所国债利率期限结构为研究对象,利用卡尔曼滤波法方法实证分析了无套利Nelson-Siegel(AFNS)模型在中国国债市场的适用性。研究发现估计出的AFNS模型能够很好反映我国国债市场利率期限结构的动态特征,模型中的三个状态因子能更有效地描述中国国债收益率的水平、斜率和曲率因子的动态变化,而收益率调整项的非线性作用使得该模型能有效减少对中国国债长期收益率的拟合误差。和动态Nelson-Siegel模型的对比分析表明,相关因子假设的无套利Nelson-Siegel模型样本内拟合能力更佳,独立因子假设的无套利Nelson-Siegel模型则具有最优的样本外预测能力。 相似文献
15.
Patrick S. Roberts 《Public Organization Review》2009,9(2):169-198
The US Federal Bureau of Investigation and the Central Intelligence Agency gain autonomy when they exercise executive power,
performing tasks that are so urgent, secretive, or forceful that they cannot be anticipated by law. The FBI exhibited a clear
instance of autonomy when, with a view to its long term responsibilities, it resisted remaking itself as a counterterrorism
agency to the degree that politicians requested. The second case, involving the CIA, produced more mixed results. The agency
appeared to exhibit autonomy by exercising its powerful security tasks, including control over information and covert operations,
and by resisting a consensus for major organizational change. Nevertheless, its large number of administrative and analytical
rather than executive tasks prevented the agency from developing the coherent, independent perspective necessary for a high
degree of true autonomy.
Patrick S. Roberts is an assistant professor in the Center for Public Administration and Policy in the School of Public and International Affairs at Virginia Tech. His Ph.D. is in government from the University of Virginia and he has held postdoctoral fellowships at Harvard and Stanford universities. Patrick has published articles on disaster and security organizations in a number of scholarly and popular journals. 相似文献
Patrick S. RobertsEmail: URL: http://filebox.vt.edu/users/robertsp/ |
Patrick S. Roberts is an assistant professor in the Center for Public Administration and Policy in the School of Public and International Affairs at Virginia Tech. His Ph.D. is in government from the University of Virginia and he has held postdoctoral fellowships at Harvard and Stanford universities. Patrick has published articles on disaster and security organizations in a number of scholarly and popular journals. 相似文献
16.
The purpose of this article is to introduce a risk analysis framework to enhance the cyber security of and to protect the critical infrastructure of the electric power grid of the United States. Building on the fundamental questions of risk assessment and management, this framework aims to advance the current risk analysis discussions pertaining to the electric power grid. Most of the previous risk-related studies on the electric power grid focus mainly on the recovery of the network from hurricanes and other natural disasters. In contrast, a disproportionately small number of studies explicitly investigate the vulnerability of the electric power grid to cyber-attack scenarios, and how they could be prevented or mitigated. Such a limited approach leaves the United States vulnerable to foreign and domestic threats (both state-sponsored and “lone wolf”) to infiltrate a network that lacks a comprehensive security environment or coordinated government response. By conducting a review of the literature and presenting a risk-based framework, this article underscores the need for a coordinated U.S. cyber security effort toward formulating strategies and responses conducive to protecting the nation against attacks on the electric power grid. 相似文献
17.
选择上海社保基金案为研究对象,根据2004~2008年年末注册地为上海的上市公司的年报、临时公告和纸质新闻媒体报道资料,手工搜集了关键高管(董事长与总经理)的政治联系数据和公司涉案与否的数据,实证研究了涉案行为与政治联系之间的关系,以及涉案行为在上海社保基金案之前、期间和之后对公司审计意见的影响。研究结果表明,政治联系的上市公司显著地更可能涉案,且在上海社保基金案曝光的2006年,涉案公司被出具非标审计意见的概率显著更高;但若以2006年为基准,在上海社保基金案之前的2004~2005年、之后的2007~2008年,涉案公司被出具非标审计意见的概率显著更低。 相似文献
18.
关系情境、供应商承诺与合作效应的实证研究 总被引:1,自引:0,他引:1
基于249家供应商的样本数据,运用结构方程模型对供应链双方的关系情境、供应商承诺与合作效应之间的关系进行实证研究,发现供应商承诺意愿促进其承诺行动,关系情境中的环境动态性、供应商信任和供应商依赖等因素对供应商承诺意愿及承诺行动分别有不同的影响,供应商承诺意愿和承诺行动可以促进双方合作程度和供应商运营获益,双方合作程度的加深能增大供应商运营获益. 相似文献
19.
Dimitrios A. Andritsos Christopher S. Tang 《Production and Operations Management》2014,23(12):2163-2177
Motivated by an increasing adoption of evidence‐based medical guidelines in the delivery of medical care, we examine whether increased adherence to such guidelines (typically referred to as higher process quality) is associated with reduced resource usage in the course of patient treatment. In this study, we develop a sample of US hospitals and use cardiac care as our context to empirically examine our questions. To measure a patient's resource usage, we use the total length of stay, which includes any additional inpatient stay necessitated by unplanned readmissions within thirty days after initial hospitalization. We find evidence that higher process quality, and more specifically its clinical (as opposed to its administrative) dimensions, are associated with a reduction in resource usage. Moreover, the standardization of care that is achieved via the implementation of medical guidelines, makes this effect more pronounced in less focused environments: higher process quality is more beneficial when the cardiac department's patient population is distributed across a wider range of medical conditions. We explore the implications of these findings for process‐oriented pay‐for‐performance programs, which tie the reimbursement of hospitals to their adherence to evidence‐based medical guidelines. 相似文献
20.
Andrew B. Abel 《Econometrica : journal of the Econometric Society》2003,71(2):551-578
Is the stock market boom a result of the baby boom? This paper develops an overlapping generations model in which a baby boom is modeled as a high realization of a random birth rate, and the price of capital is determined endogenously by a convex cost of adjustment. A baby boom increases national saving and investment and thus causes an increase in the price of capital. The price of capital is mean–reverting so the initial increase in the price of capital is followed by a decrease. Social Security can potentially affect national saving and investment, though in the long run, it does not affect the price of capital. 相似文献