From the Editors: Probability Approximations, Anti-Terrorism Strategy, and Bull's-Eye Display for Performance Feedback

Sarin, Rakesh K.; Keller, L. Robin

doi:10.1287/deca.1120.0262

Cited by 2 publications

(1 citation statement)

References 55 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Hausken and Zhuang (2011) analyze a sequential game in which the government allocates its resources between attacking to downgrade the terrorist's resources and defending against the terrorist attack in the first stage, whereas the terrorist allocates its resources between attacking the government's asset and defending its own resources in the second stage. Other similar studies have been conducted, such as, He and Zhuang (2012), Hausken (2008b), Hausken and Zhuang (2012), Zhuang et al (2010), Haphuriwat et al (2011), Merrick and McLay (2010), Cavusoglu et al (2013), Samuel and Guikema (2012), Sarin and Keller (2013), and in particular, a recent survey by Hausken and Levitin (2012).…”

Section: Introductionmentioning

confidence: 82%

Information Security Investment When Hackers Disseminate Knowledge

2013

View full text Add to dashboard Cite

A s an emerging and thriving research branch, information security economics has recently drawn significant attention from practitioners and academics. Traditionally, both decision and static game theoretical techniques are employed to characterize the strategies of firms and hackers. However, these techniques fail to capture the dynamic attribute of the risk environment, which is an increasingly important element, especially in modern distributed and complex computer and communication networks. Utilizing a differential game framework in which hackers disseminate security knowledge within a hacker population over time, this paper analyzes dynamic interactions between a firm endeavoring to protect its information assets and a hacker seeking to misappropriate them. In particular, we investigate three differential games in which the firm and the hacker move simultaneously and sequentially, respectively. We find that (a) the hacker invests the most in the simultaneous differential game, whereas the firm, as the leader, invests the most in the sequential differential game, and (b) both the firm and the hacker enjoy their highest payoffs in the sequential differential game with the hacker as the leader. Furthermore, it is numerically shown that in equilibrium, knowledge dissemination may not necessarily benefit the hacker and harm the firm. Some of our results are consistent with the findings of previous work, although the earlier results were obtained from a static game framework. Our main findings contrast with those of several previous studies that showed mixed results for comparisons between simultaneous and sequential games.

show abstract