ABSTRACT

In addition, some research has focused on the factors that influence information system security. Some of these studies have examined several kinds of factors (Atreyi, et al, 2003; Qing, et al, 2007; Finn, et al, 2009), while the rest have paid attention to only one kind of factor, e.g. threats (Yeh, et al, 2007), person (Patricia, 2008; Debi, 2008; Tejaswini, et al, 2009; Robert, et al, 2013), punishments (Ken, et al, 2012), right relation (Ella, et al, 2013), risks (Anderson, et al, 2008; Nan, 2013) and so on. The influence factors referred to in these studies could also have effects on information system security technology strategy

1 INTRODUCTION

The information system security problem has become more serious as the use of information systems has grown wider and deeper. Information system security refers to the capability of the internet and information systems to prevent accidents and malicious behaviors under certain conditions. Organizations often select security technologies to deal with relevant threats when defending their information systems. Information system security technology strategy is not only a technical problem but also an economic one, which involves resource investment and distribution, security benefits, efficiency and so on. From the perspective of economics, existing research on information system security technology strategy has mainly focused on the selection and configuration of security technologies. With the development of technology and the increasingly serious situation facing information systems, studies on the selection and configuration of security technologies have moved from single technologies (Xia, 2003; Alpcan, et al, 2003; Charles, et al, 2004; Huseyin, et al, 2004) to technology portfolios (Bass, et al, 2001; Mike, 2005; Dorene, et al, 2001; Harrison, 2005). Most studies of this kind look for optimal configurations, considering security costs and profits. In recent years, the idea of defense in depth has been prevailing, and researches have

though they were not specialized in it, as security technology is of great importance to information system security management. It is not difficult to see that studies specializing in influences on the selection and configuration of security technologies are very few. Based on this, and inspired by Anderson, et al, (2008), who considered that whether information security cost gets a higher reward than non-information-security cost within the information security budget depends on the risk tolerance of decision makers, this paper studies the influence of risk preference on information system security technology strategy.