
[1] Gu Jianqiang, Mei Shu’e, Zhong Weijun. Optimization and coordination model of information system security investment for interdependent risk [J]. Journal of Southeast University (English Edition), 2015, 31 (2): 288-293. [doi:10.3969/j.issn.1003-7985.2015.02.023]

Optimization and coordination model of information system security investment for interdependent risk

Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]

Volume: 31
Issue: 2015 2
Page: 288-293
Research Field: Computer Science and Engineering
Publishing date: 2015-06-20

Info

Title: Optimization and coordination model of information system security investment for interdependent risk
Author(s): Gu Jianqiang, Mei Shu’e, Zhong Weijun
School of Economics and Management, Southeast University, Nanjing 211189, China
Keywords: interdependent risk; cyber security insurance; self-protection; coordination
PACS: TP309
DOI: 10.3969/j.issn.1003-7985.2015.02.023
Abstract:
The impact of risk correlation on firms’ investments in information system security is studied using quantification models that combine ideas from risk management theory and game theory. The equilibrium levels of self-protection and insurance coverage under the non-cooperative condition are compared with the socially optimal solutions, and the associated coordination mechanisms are proposed. The results show that self-protection investment increases in response to an increase in potential loss when the interdependent risk is small. The interdependent risk of security investments often induces firms to underinvest in security relative to the socially efficient level, because they ignore the marginal external costs or benefits conferred on others. A government subsidy on self-protection investment can help coordinate a firm’s risk management decisions and thereby improve both the individual security level and overall social welfare.


Memo

Biographies: Gu Jianqiang(1979—), male, graduate; Mei Shu’e(corresponding author), female, doctor, professor, meishue@seu.edu.cn.
Foundation item: The National Natural Science Foundation of China(No.71071033).
Citation: Gu Jianqiang, Mei Shu’e, Zhong Weijun. Optimization and coordination model of information system security investment for interdependent risk [J]. Journal of Southeast University (English Edition), 2015, 31 (2): 288-293. [doi:10.3969/j.issn.1003-7985.2015.02.023]
Last Update: 2015-06-20