Research on Firm Information Security Decision Considering Digital Asset Types and Complementarity
Abstract: As enterprise digital transformation deepens, information assets have become core strategic resources, and protecting them poses severe challenges. Under resource constraints, enterprises need to formulate differentiated security strategies for assets of very different value. From an asset classification perspective, this paper develops an enterprise information security investment decision model to examine how firms optimally allocate security effort between core and non-core assets. Model solution and comparative static analysis show that: (1) rising security investment costs significantly suppress protection investment in both asset categories, with core asset investment more sensitive to cost changes; (2) security costs exert a persistent negative impact on enterprises’ ultimate benefits, underscoring the central importance of cost control in security governance; (3) the loss ratio has differentiated effects on security effort: an increase in the value of non-core assets directly promotes their own protection and, through the complementarity effect, indirectly stimulates investment in core assets; (4) the impact of the loss ratio on enterprise benefits has a critical threshold, revealing the strategic value of non-core assets under specific conditions. The study further shows that establishing a dynamic asset valuation and correlation system and emphasizing the cost efficiency of security investment help enterprises optimize security resource allocation. This study provides a theoretical foundation and managerial implications for enterprises transitioning from “isolated protection” to “collaborative defense” systems.
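Cite this article: Sun Wei, Wu Yong. Research on Firm Information Security Decision Considering Digital Asset Types and Complementarity [J]. Management Science and Engineering, 2026, 15(1): 150-158. https://doi.org/10.12677/mse.2026.151015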
