A production and conflict (P&C) model and a rent-seeking (RS) model are compared for one group, two groups and K groups. Adding a new agent enlarges the pie in the P&C model, but causes the fixed size pie to be allocated on one more rent seeker in the RS model. The total production or rent is distributed within and between groups according to the within-group and between-group decisiveness. Productive and fighting efficiencies and group sizes play a role. The collective action problem is more severe for the RS model. As group size increases, the ratio of within-group to between-group fighting increases marginally toward a constant for the P&C model, while it increases convexly for the RS model. Adding an additional agent to each of two groups is more detrimental to the utilities in RS groups than in P&C groups, while adding a second group of agents when there is already one group of agents gives the reverse result. The severe between-group fighting in the P&C model for many groups causes the P&C model to be preferable for few groups, while the RS model is preferable for many groups. Applications are considered to intergroup migration, inside versus outside ownership, divestitures, mergers and acquisitions, multidivisional versus single-tier firms and U form versus M form of economic organization.
The behavioral dimension matters in Probabilistic Risk Analysis (PRA) since players throughout a system incur costs to increase system reliability interpreted as a public good. Individual strategies at the subsystem level generally conflict with collective desires at the system level. Game theory, the natural tool to analyze individual-collective conflicts that affect risk, is integrated into PRA. Conflicts arise in series, parallel, and summation systems over which player(s) prefer(s) to incur the cost of risk reduction. Frequently, the series, parallel, and summation systems correspond to the four most common games in game theory, i.e., the coordination game, the battle of the sexes and the chicken game, and prisoner's dilemma, respectively.
As the Sarbanes-Oxley Act strengthens internal controls, and the government encourages information sharing, accounting gains significance through secure representation, storage, and transfer of information, and by laying the foundation for assessing costs and benefits. Information sharing and security investment for two firms are inverse U shaped in the aggregate attack, and interlinked through the interdependence and the firm's unit cost of security investment. Both increase in the interdependence (e.g. US telecommunications industry). With given security investment, social welfare is inverse U shaped in information sharing. Individual optimization implies free riding. A social planner is introduced controlling information sharing, security investment, or both, in simultaneous and two period games. Two period games where the social planner moves first are realistic when the social planner is highly respected. For the simultaneous game, a social planner controlling information sharing (security investment) imposes unreasonably high sharing (security investment). Firms free ride in the variable they control. The social planner imposes more moderate levels in the two period games. A social planner controlling both information sharing and security investment in a two period game where the social planner moves first is the most beneficial control scenario when the firms' defense efficiencies are high. If these are sufficiently high, the attack is deterred altogether.
Four kinds of marginal returns to security investment to protect an information set are decrease, first increase and then decrease (logistic function), increase, and constancy. Gordon, L. A. and Loeb, M. (ACM Trans. Inf. Syst. Secur., 5:438-457, 2002). find for decreasing marginal returns that a firm invests maximum 37% (1/e) of the expected loss from a security breach, and that protecting moderately rather than extremely vulnerable information sets may be optimal. This article presents classes of all four kinds where the optimal investment is no longer capped at 1/e. First, investment in information security activities for the logistic function is zero for low vulnerabilities, jumps in a limited "bang-bang" manner to a positive level for intermediate vulnerabilities, and thereafter increases concavely in absolute terms. Second, we present an alternative class with decreasing marginal returns where the investment increases convexly in the vulnerability until a bound is reached, investing most heavily to protect the extremely vulnerable information sets. For the third and fourth kinds the optimal investment is of an all-out "bang-bang" nature, that is, zero for low vulnerabilities, and jumping to maximum investment for intermediate vulnerabilities.
Firms in cyber war compete with external intruders such as hackers over their assets. Each firm invests in security technology when the required rate of return from security investment exceeds the average attack level, or when the formal control requirements dictate investment. Each firm invests maximally in security when the average attack level is 25% of the firm's required rate of return. The income effect eliminates or ''freezes'' parts of the agent's resource, attack tools, and competence. The security investment decreases in the income reduction parameter when the agent's resource is low, is inverse U shaped when the resource is intermediate, and drops to zero when the external threat is overwhelming. A sufficiently strong income effect eliminates the external threat. When two firms are interdependent, security investments and attacks impact both firms. With increasing interdependence, each firm free rides by investing less, suffers lower profit, while the agent enjoys higher profit. The substitution effect causes the agent to allocate his attack optimally between the firms. The attack distribution is endogenized. Each firm's security investment increases in its asset and investment efficiency. The attack against each firm increases in the product of the firm's asset and investment inefficiency. Specific analyses are made of how the substitution effect impacts security investment for differently sized firms.
A target is protected by the defender and attacked by an attacker launching sequential attacks. For each attack, a contest intensity measures whether the agents' efforts have low or high impact on the target vulnerability (low vs. high contest intensity). Both the defender and the attacker have limited resources. It is assumed that the attacker can observe the outcome of each attack and stop the sequence of attacks when the target is destroyed. Two attacker objectives are considered, that is, to maximize the target vulnerability or to minimize the expected attacker resource expenditure. The article addresses the following three questions: whether the attacker should allocate its entire resource into one large attack or distribute it among several attacks; whether geometrically increasing or decreasing resource distribution into a fixed number of sequential attacks is more beneficial than equal resource distribution; and how the optimal attack strategy depends on the contest intensity.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
334 Leonard St
Brooklyn, NY 11211
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.