Byung Cho Kim

Commercialization of Platform Technologies: Launch Timing and Versioning Strategy

Many emerging entrepreneurial applications and services connect two or more groups of users over Internet-based information technologies. Commercial success of such platform technology products requires adoption of astute business practices related to product line design, price discrimination, and launch timing. We examine these issues for a platform firm that serves two markets, labeled as user and developer markets, with the latter emerging after the user market is proven. While the size of each market positively impacts participation in the other, our model allows for uncertainty regarding developer participation. We demonstrate that product versioning is an especially attractive strategy for platform firms, i.e., the tradeoff between market size and margins is tilted in the direction of more versions. However, when expanding the product line carries substantial fixed costs (e.g., marketing cost, cost of additional plant, managing multiple sets of inventory, increased distribution cost) then the uncertainty in developer participation adversely impacts the firm’s ability to offer multiple versions. We show that for established firms with lower uncertainty about developer participation, the choice is essentially between an expanded or minimal product line. Startups and firms that are entering a new product category are more likely to benefit from a “wait and see” deferred expansion strategy. Still, we demonstrate that uncertainty in developer participation can make early expansion desirable because it expands the installed base and, with the consequent increase in developer participation levels, increases the long-term incremental gain from product line expansion.

Determining the antecedents of digital security practices in the general public dimension

Our increased reliance on digital information and our expansive use of the Internet for a steadily rising number of tasks requires that more emphasis be placed on digital information security. The importance of securing digital information is apparent but the success in persuading individual users to adopt and utilize tools to improve security has been arguably more difficult. In this study, we propose a number of factors that may influence individual security practices. These constructs are developed by adapting existing theory from information security and privacy research to examine information security behaviors in the general public dimension. The influence of these factors on perceived need and actual behavior is then examined. The resulting model is shown to fit well and support is found for many of the proposed relationships. The determination of the antecedents of individual digital security practices may provide useful insight to tailoring programs for adoption and utilization of security tools by individuals in the general public dimension.

Effective immunization of online networks: a self-similar selection approach

This paper proposes a self-similar selection method as an alternative to existing immunization strategies for online networks. Given the self-similar characteristics of online networks which are shown to have fractal and scale-free structure, we presume that the self-similar selection which is well developed in physics outperforms random or targeted vaccination based on incoming or outgoing connections. We examine the effectiveness of the proposed self-similar selection method with random vaccination and other different types of targeted vaccination strategies in terms of delaying the spread of computer virus over a scale-free computer network constructed using real-world World Wide Web data. Our computer simulation results indicate that the self-similar selection method is more effective in deterring virus propagation than the existing vaccination strategies. In addition, vaccination based on self-similar selection is practical since it does not require detailed information about network morphology at the individual node level, which is often not easy to observe. Our findings have significant implications for both policy makers and network security providers.

Exposing others’ information on online social networks (OSNs): Perceived shared risk, its determinants, and its influence on OSN privacy control use

Abstract People using online social networks (OSNs) exchange information through posts of multimedia content, which may contain others’ information. Our study contributes to the privacy literature by examining individuals’ perceptions of the risk their OSN activity poses to others’ information. We introduce the concept “ perceived shared risk ,” which includes OSN users’ perceived severity and susceptibility of exposing others’ information. Results indicate culture, concerns regarding one’s own information, and Facebook information disclosure self-efficacy influence both risk components. We also identify a correlation between perceived shared risk and the use of OSN privacy controls.

Differential effects of prior experience on the malware resolution process

Despite growing interest in the economic and policy aspects of information security, little academic research has used field data to examine the development process of a security countermeasure provider. In this paper, we empirically examine the learning process a security software developer undergoes in resolving a malware problem. Using the data collected from a leading antivirus software company in Asia, we study the differential effects of experience on the malware resolution process. Our findings reveal that general knowledge from cross-family experience has greater impact than specific knowledge from within-family experience on performance in the malware resolution process. We also examine the factors that drive the differential effects of prior experience. Interestingly, our data show that cross-family experience is more effective than within-family experience in malware resolution when malware targets the general public than when a specific victim is targeted. Similar results--for example, the higher (lower) effect of cross-family (within-family) experience-- were observed in the presence of information sharing among software vendors or during a disruption caused by a catastrophe. Our study contributes to a better understanding of the specific expertise required for security countermeasure providers to be able to respond under varying conditions to fast-evolving malware.

Optimal Digital Rights Management with Uncertain Piracy

Many firms that sell digital copies of copyrighted materials online face a common dilemma: the use of Digital Rights Management to impede pirates often also has negative implications for legitimate customers. We introduce a two-period model in which the use of DRM in the first period affects the probability of consumers encountering pirated copies in the second period, the threat of legal action affects the probability of consumers obtaining pirated copies, and firms choose whether to sell, and at what prices, either strongly or weakly DRM protected copies, or both. We are able to explain a range of observable firm behaviors with this model, including the use of price discrimination to offer both strongly and weakly protected files simultaneously, with weaker protection commanding a higher price, and the eventual abandonment of DRM protections, both of which have been observed at various times, for example, with Apples iTunes service.

Individual Trust and Consumer Risk Perception

Abstract This paper examines the relationship between trust and risk perceptions of online activities. Specifically, we study the impact of an individual’s trust of other people on the severity and certainty of risk, which in turn influence an individual’s risk perception. We administer a 23-item survey to 386 participants at a large southeastern university, and test our model using structural equation modeling. We find evidence that supports the proposed relationship, implying that perceived certainty of risk is negatively associated with trust of individuals and that both certainty and severity of risk have a positive impact on an individual’s risk perception. Our results indicate that users may underestimate risks when they interact with people they trust, suggesting the need for a higher level of protection for transactions between individuals who are familiar with each other. From a modeling perspective, our straightforward model of trust and risk could be used in future studies that examine specific online activities.