关键词: 网络安全，效用理论，风险控制，信息安全投资

Abstract: The relation model between security investment and risk control was introduced to solve the problem of the optimal information security investment in corporation budget. The security investment efficiency was studied and the new concept of reducing the event probability and lost efficiency was presented. The utility theory was used to model system under the corporation wealth, risk lost and security investment, and the exponential utility function was used to model the yield of corporation,maximum security investment bound was analyzed. The method using differential coeffident to achieve extremum was applied for the utility function and derived the result of optimal investment. The case study demonstrated the risk measurement method based on the utility was scientific and the security events producing more loss effect need more security investment.

Key words: Network security, Utility theory, Risk control, Information security investment