2015
DOI: 10.4301/s1807-17752015000200004
View full text |Buy / Rent full text
|
Sign up to set email alerts
|

Abstract: We build a game theory model where the market design is such that one firm invests in security to defend against cyber attacks by two hackers. The firm has an asset, which is allocated between the three market participants dependent on their contest success. Each hacker chooses an optimal attack, and they share information with each other about the firm's vulnerabilities. Each hacker prefers to receive information, but delivering information gives competitive advantage to the other hacker. We find that each ha… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
4
1

Citation Types

0
5
0

Year Published

2017
2017
2022
2022

Publication Types

Select...
3
1

Relationship

1
3

Authors

Journals

citations
Cited by 11 publications
(5 citation statements)
references
References 25 publications
(5 reference statements)
0
5
0
Order By: Relevance
“…The 2016 Guide to Cyber Threat Information Sharing, published by the US National Institute of Standards and Technology (NIST), describes the advantages of IS measures for improving cybersecurity 6 as follows: 5 Of course, hostile cyber actors also engage in IS, an interesting issue beyond the present scope. See Hausken (2015). 6 "Cybersecurity" describes the process of applying a "range of actions for the prevention, mitigation, investigation and handling of cyber threats and incidents, and for the reduction of their effects and of the damage caused by them prior, during and after their occurrence."…”
Section: Defining Information Sharingmentioning
confidence: 99%
“…Within information security, game theoretic research has focused on data survivability versus security in information systems [27], substitution and interdependence [28][29][30], returns on information security investment [31,32], and information sharing to prevent attacks [33][34][35][36][37]. See Do et al [38], Hausken and Levitin [39], and Roy et al [40] for reviews on game theoretic cybersecurity research.…”
Section: Information Securitymentioning
confidence: 99%
“…(2007) study the investment strategies in defense among defenders in interdependent security scenarios; Ghose et al . study information sharing linked to competition between cyber attackers; Nikoofal and Zhuang (2015), Zhuang et al . (2010), Zhuang et al .…”
Section: Current Information Sharing Architecturesmentioning
confidence: 99%
“…As we discussed, the main inhibitor preventing the private sectors from actively participating in an information sharing system is the concern of information leakage. Interestingly, when it turns to information sharing among cyber hackers, according to Hausken, “an important difference is that whereas two firms incur information leakage costs when sharing information about their vulnerabilities and security breaches, two hackers sharing information about a firm's vulnerabilities do not incur costs in the same manner.” Hausken also suggests that defenders compartmentalize the interaction of hackers with each other or design incentives to isolate them from each other since “hackers may cooperate through sharing information with each other about a firm's vulnerabilities.”…”
Section: Current Information Sharing Architecturesmentioning
confidence: 99%
“…Gao and Zhong [7] explored the effect of attack level, firms' information sharing and security technology investment on profits, and customer needs under hackers' targeted attacks. Hausken [8] showed that the attack level is irrelevant with the efficiency of information sharing, but hackers' information sharing level decreases with the increase of firm's security investment [9]. On the basis, he also concluded that hackers improve their attack level by sharing vulnerability information of the firms' information systems.…”
Section: Introductionmentioning
confidence: 99%