A differential game approach to information security investment under hackers’ knowledge dissemination

Gao, Xing; Wang, Zhong; Mei, Shue

doi:10.1016/j.orl.2013.05.002

Cited by 27 publications

(18 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Their analyses revealed that the nature of information assets, either complementary or substitutable, had a significant influence on the two firms' information security investment strategies. Gao et al (2013) considered firms' information security investment under Cournot and Bertrand competition and constructed a differential game in which over time hackers became knowledgeable by propagating security knowledge and firms could inhibit it by investing in information security. Their findings showed that higher effectiveness of inhibiting knowledge dissemination did not mean a higher investment.…”

Section: Literature Reviewmentioning

confidence: 99%

A game-theoretic analysis of information security investment for multiple firms in a network

Qian

Liu

Pei

et al. 2017

Journal of the Operational Research Society

View full text Add to dashboard Cite

The application of Internet of Things promotes the cooperation among firms, and it also introduces some information security issues. Due to the vulnerability of the communication network, firms need to invest in information security technologies to protect their confidential information. In this paper, considering the multiple-step propagation of a security breach in a fully connected network, an information security investment game among n firms is investigated. We make meticulous theoretic and experimental analyses on both the Nash equilibrium solution and the optimal solution. The results show that a larger network size (n) or a larger one-step propagation probability (q) has a negative effect on the Nash equilibrium investment. The optimal investment does not necessarily increase in n or q, and its variation trend depends on the concrete conditions. A compensation mechanism is proposed to encourage firms to coordinate their strategies and invest a higher amount equal to the optimal investment when they make decisions individually. At last, our model is extended by considering another direct breach probability function and another network structure, respectively. We find that a higher connection density of the network will result in a greater expected cost for each firm.

show abstract

Section: Literature Reviewmentioning

confidence: 99%

A game-theoretic analysis of information security investment for multiple firms in a network

Qian

Liu

Pei

et al. 2017

Journal of the Operational Research Society

View full text Add to dashboard Cite

show abstract

“…In addition, the existing literature obtained the optimal strategy by analyzing the influence of influencing factors on investment decisions. Gao et al (2013) considered hackers' behaviors and analyzed their impact on information security investment decision making of substitutable enterprise. The hackers' behavior can directly affect the level of enterprise information security technology and enterprise information security behavior, thus affecting the enterprise information security investment decisions.…”

Section: Literature Reviewmentioning

confidence: 99%

An economic analysis of information security investment decision making for substitutable enterprises

Xue

2021

Manage Decis Econ

View full text Add to dashboard Cite

As the competition among enterprises is increasingly fierce, the substitution of information assets makes the behavior of hackers and enterprises more complicated in the information security investment decision‐making process. In this paper, a game model of substitutable enterprise information security investment decision making is constructed by considering the influencing of substitution rate among enterprises, enterprise quantity, and probability of hacker invasion, and the optimal investment level is analyzed among substitutable enterprises under individual decision and joint decision based on game theory, optimization theory, and synergy theory. This research provides a new solution of information security investment decision making among substitutable enterprises.

show abstract

“…The rst question is mainly approached with traditional decision analysis including utility theory or value-at-risk approaches [29], e.g., in [21], [1] or [30]. The third question regarding the e ectiveness of the information security investment has been addressed in literature with game theory [29], e.g., in [10,16,17] or [41]. The rst and third question will not be addressed in this paper.…”

Section: Related Workmentioning

confidence: 99%

Towards a Multi-objective Optimization Model to Support Information Security Investment Decision-making

Weishäupl

2017

Proceedings of the 4th Workshop on Security in Highly Connected IT Systems

View full text Add to dashboard Cite

The protection of assets, including IT resources, intellectual property and business processes, against security attacks has become a challenging task for organizations. From an economic perspective, rms need to minimize the probability of a successful security incident or attack while staying within the boundaries of their information security budget in order to optimize their investment strategy. In this paper, an optimization model to support information security investment decision-making in organizations is proposed considering the two con icting objectives (simultaneously minimizing the costs of countermeasures while maximizing the security level). Decision models that support the rms' decisions considering the trade-o between the security level and the investment allocation are bene cial for organizations to facilitate and justify security investment choices. CCS CONCEPTS• Security and privacy → Systems security; KEYWORDSInformation security investment, decision-making, multi-objective optimization ACM

show abstract

A differential game approach to information security investment under hackers’ knowledge dissemination

Cited by 27 publications

References 6 publications

A game-theoretic analysis of information security investment for multiple firms in a network

A game-theoretic analysis of information security investment for multiple firms in a network

An economic analysis of information security investment decision making for substitutable enterprises

Towards a Multi-objective Optimization Model to Support Information Security Investment Decision-making

Contact Info

Product

Resources

About