Information Security Investment When Hackers Disseminate Knowledge

Abstract: A s an emerging and thriving research branch, information security economics has recently drawn significant attention from practitioners and academics. Traditionally, both decision and static game theoretical techniques are employed to characterize the strategies of firms and hackers. However, these techniques fail to capture the dynamic attribute of the risk environment, which is an increasingly important element, especially in modern distributed and complex computer and communication networks. Utilizing a di… Show more

“…This paper is closely related with another hacker behavior, hacker knowledge dissemination, which is discussed by Mookerjee et al [32] and Gao et al [12,13]. Mookerjee et al [32] discuss how a firm's discrimination ability (the ability to distinguish between attacks and normal usage) changes with the hacker knowledge dissemination.…”

“…Mookerjee et al [32] discuss how a firm's discrimination ability (the ability to distinguish between attacks and normal usage) changes with the hacker knowledge dissemination. Gao et al [12] compare dynamic security investment under Cournot and Bertrand competition, whereas Gao et al [13] analyze how move-timing affects dynamic security investment. Different from Mookerjee et al [32] and Gao et al [13] who discuss the security investment of just one firm, this paper considers the security investment of two competitive firms.…”

Competitive information security investment under hacker knowledge dissemination

“…This paper is closely related with another hacker behavior, hacker knowledge dissemination, which is discussed by Mookerjee et al [32] and Gao et al [12,13]. Mookerjee et al [32] discuss how a firm's discrimination ability (the ability to distinguish between attacks and normal usage) changes with the hacker knowledge dissemination.…”

“…Mookerjee et al [32] discuss how a firm's discrimination ability (the ability to distinguish between attacks and normal usage) changes with the hacker knowledge dissemination. Gao et al [12] compare dynamic security investment under Cournot and Bertrand competition, whereas Gao et al [13] analyze how move-timing affects dynamic security investment. Different from Mookerjee et al [32] and Gao et al [13] who discuss the security investment of just one firm, this paper considers the security investment of two competitive firms.…”

Competitive information security investment under hacker knowledge dissemination

“…Cavusoglu et al (2008) compare it to decision-theoretic approaches and suggests that the sequential game results in the maximum payoff for the firm. Considering that hackers may disseminate security knowledge within a hacker population over time, Gao et al (2013) apply a simultaneous and sequential differential game, finding that the firm invested the most in the sequential differential game. The game-theoretical approach is also employed in modeling the actions and reactions of two allied firms.…”

Shall we follow? Impact of reputation concern on information security managers’ investment decisions

“…A döntési és statikus játékteóriákat is alkalmazzák annak érdekében, hogy a szakemberek képesek legyenek felismerni és jellemezni a hackerek és a vállalatok stratégiáját. Azonban még így sem lehetséges a kockázati környezet dinamikáinak teljes kezelése, amely kiemelt eleme az olyan modern és elosztott informatikai rendszereknek, mint a felhőmegoldások (Gao et al, 2013). A biztonsági incidens gyanúja, vagy bekövetkezése esetén lefolytatott forensics vizsgálatok segítenek abban, hogy az események körét, az ügyfelek érintettségét meg lehessen határozni.…”

Szervezeti kultúra, vezetői szerepek, az információbiztonság és a felhőalapú megoldások kapcsolata