An economic analysis of information security decisions with mandatory security standards in resource sharing environments

被引：8

作者：

Gao, Xing ^{[1
]}

Gong, Siyu ^{[1
]}

Wang, Ying ^{[1
]}

Wang, Xifan ^{[1
]}

Qiu, Manting ^{[1
]}

机构：

[1] Southeast Univ, Sch Econ & Management, Nanjing 211189, Jiangsu Provinc, Peoples R China

来源：

EXPERT SYSTEMS WITH APPLICATIONS | 2022年 / 206卷

基金：

中国国家自然科学基金;

关键词：

Information security investment; Information security standards; Resource sharing; Cyber-attacks; Compensation mechanism; GAME-THEORETIC ANALYSIS; INVESTMENT; ATTACK; COMPETITION; IMPACT; FIRMS;

D O I：

10.1016/j.eswa.2022.117894

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

While mandatory security standards are salient in the management of information security, the related theoretic studies are scarce, especially when strategic hackers are considered. Using a game-theoretic model, this paper examines the strategic interaction in a resource sharing environment between two firms who invest in infor-mation security subject to the mandatory standard and one hacker who exerts attack efforts against the firms. It shows that the strict mandatory standard doesn't always benefit each firm even though its information systems can be better protected. As the firms share more resource, each firm lacks strong motivation to invest enough in information security, and as a result stricter security standard should be formulated from the socially optimal standpoint. Moreover, we find that although compensation mechanism can urge each firm to invest more, this mechanism may harm each firm.

引用

页数：19

共 37 条

[1] Dynamic competition in IT security: A differential games approach
Bandyopadhyay, Tridib
Liu, Dengpan
Mookerjee, Vijay S.
Wilhite, Allen W.
[J]. INFORMATION SYSTEMS FRONTIERS, 2014, 16 (04) : 643 - 661
[2] Information security in networked supply chains: impact of network vulnerability and supply chain integration on incentives to invest
Bandyopadhyay, Tridib
Jacob, Varghese
Raghunathan, Srinivasan
[J]. INFORMATION TECHNOLOGY & MANAGEMENT, 2010, 11 (01) : 7 - 23
[3] Decision-theoretic and game-theoretic approaches to IT security investment
Cavusoglu, Huseyin
Raghunathan, Srinivasan
Yue, Wei T.
[J]. JOURNAL OF MANAGEMENT INFORMATION SYSTEMS, 2008, 25 (02) : 281 - 304
[4] Why users cannot use security
Furnell, S
[J]. COMPUTERS & SECURITY, 2005, 24 (04) : 274 - 279
[5] The economic incentives for sharing security information
Gal-Or, E
Ghose, A
[J]. INFORMATION SYSTEMS RESEARCH, 2005, 16 (02) : 186 - 208
[6] An economic analysis of information security outsourcing with competitive firms
Gao, Xing
Gong, Siyu
[J]. MANAGERIAL AND DECISION ECONOMICS, 2022, 43 (07) : 2748 - 2758
[7] Economic incentives in security information sharing: the effects of market structures
Gao, Xing
Zhong, Weijun
[J]. INFORMATION TECHNOLOGY & MANAGEMENT, 2016, 17 (04) : 361 - 377
[8] A differential game approach to security investment and information sharing in a competitive environment
Gao, Xing
Zhong, Weijun
[J]. IIE TRANSACTIONS, 2016, 48 (06) : 511 - 526
[9] Information security investment for competitive firms with hacker behavior and security requirements
Gao, Xing
Zhong, Weijun
[J]. ANNALS OF OPERATIONS RESEARCH, 2015, 235 (01) : 277 - 300
[10] A game-theoretic analysis of information sharing and security investment for complementary firms
Gao, Xing
Zhong, Weijun
Mei, Shue
[J]. JOURNAL OF THE OPERATIONAL RESEARCH SOCIETY, 2014, 65 (11) : 1682 - 1691

← 1 2 3 4 →