2017
DOI: 10.1057/s41274-016-0134-y

A game-theoretic analysis of information security investment for multiple firms in a network

Abstract: The application of Internet of Things promotes the cooperation among firms, and it also introduces some information security issues. Due to the vulnerability of the communication network, firms need to invest in information security technologies to protect their confidential information. In this paper, considering the multiple-step propagation of a security breach in a fully connected network, an information security investment game among n firms is investigated. We make meticulous theoretic and experimental a…

Cited by 35 publications (33 citation statements)
References 24 publications
“…Furthermore, the model lacks the assumption that an attack, whether targeted or opportunistic, can occur simultaneously. Qian et al (2017), guided by the assumption that a business organization's investment in security contributes not only to the security of its own system but also to the security of other business organizations' systems, consider the Nash equilibrium. The latter reveals that an increase in the number of business organizations in the environment, despite the fact that it increases cyber vulnerability, encourages business organizations to invest less in security because "free riders" appear in the environment.…”
Section: Game Theory as a Concept for Optimizing Investment in Cybersecurity
unclassified
“…The cybersecurity problem among interconnected firms could be seen as the typical interdependent security (IDS) problem, proposed firstly by Kunreuther and Heal [29], who conducted a case study of security investment behaviors among firms in airline security and found that there is a "free-riding problem" of firms' security investment, also denoted as negative externality. Later, some research committed to solving such a negative external issue [10,17,30,31]. For example, Zhao, Xue, and Whinston [9] explored the effects of three risk management methods including cyberinsurance, managed security services (MSSs), and risk pooling arrangements (RPAs) in addressing the investment inefficiency, and the results showed that MSSs has the best effect on security risk management, followed by RPAs and cyberinsurance.…”
Section: Interdependent Cybersecurity Investment
mentioning
confidence: 99%
“…Sharing computer security vulnerabilities, breaches, intrusions, and technological solutions is an effective way to help organizations prevent, detect and correct security breaches proactively. Studies have also pointed out that security information sharing could reduce the uncertainty of network security investment to a certain extent, and thus depress the value of deferred options related to the investment [24,25,30]. President Obama signed the Cybersecurity Information Sharing Act (CISA) in 2015 to improve the level of cybersecurity in the United States.…”
Section: Extension To Effects Of Security Information Sharing
mentioning
confidence: 99%
“…Proposition 2 notes that standardized decision processes are not applied. The academic literature has proposed various analyses to address information security investment decision-making (Bojanc & Jerman-Blažic 2012; Bojanc & Jerman-Blažic 2008; Huang & Behara 2013; Huang et al 2014; Qian et al 2017). While these approaches provide crucial input to determine the optimal amount, time and allocation of investments, the embedding within an organization's decision process is not carried out.…”
Section: Proposition
mentioning
confidence: 99%