基于Gordon-Loeb模型的信息安全投资博弈研究

王秦; 朱建明

doi:10.11959/j.issn.1000-436x.2018027

您当前的位置：

首页 >

文章列表页 >

基于Gordon-Loeb模型的信息安全投资博弈研究

学术通信 | 更新时间：2024-06-05

- 基于Gordon-Loeb模型的信息安全投资博弈研究
- Research on the game of information security investment based on the Gordon-Loeb model
- 通信学报 2018年39卷第2期页码：174-182
- 作者机构：
  
  中央财经大学信息学院，北京 100081
- 作者简介：
  
  [ "王秦（1990-），男，甘肃天水人，中央财经大博士生，主要研究方向为信息安全的经济学分析。" ]
  [ "朱建明（1965-），男，山西太原人，博士，中央财经大学教授、博士生导师，主要研究方向为信息安全和电子商务安全。" ]
- 基金信息：
  
  国家重点研发计划基金资助项目(2017YFB1400700);国家自然科学基金资助项目(U1509214);国家自然科学基金资助项目(61272398)
- DOI：10.11959/j.issn.1000-436x.2018027
  中图分类号： TP309
- 网络出版日期：2018-02，
  
  纸质出版日期：2018-02-25
- 稿件说明：
移动端阅览
王秦, 朱建明. 基于Gordon-Loeb模型的信息安全投资博弈研究[J]. 通信学报, 2018,39(2):174-182.

Qin WANG, Jianming ZHU. Research on the game of information security investment based on the Gordon-Loeb model[J]. Journal on communications, 2018, 39(2): 174-182.
王秦, 朱建明. 基于Gordon-Loeb模型的信息安全投资博弈研究[J]. 通信学报, 2018,39(2):174-182. DOI： 10.11959/j.issn.1000-436x.2018027.

Qin WANG, Jianming ZHU. Research on the game of information security investment based on the Gordon-Loeb model[J]. Journal on communications, 2018, 39(2): 174-182. DOI： 10.11959/j.issn.1000-436x.2018027.

摘要

为了研究信息安全投资外部性的影响，将Gordon-Loeb模型扩展到多组织博弈环境下，分别得出在正负外部性下，面对不同类型的攻击时，最优信息安全投资与脆弱性、潜在损失和投资效率的关系，并且比较了与社会最优条件下最优信息安全投资的差别。结果表明，正外部性条件下的信息安全投资变化规律与单一组织的情况相比存在一定相似之处，但负外部性下的信息安全投资改变较大，总体更加谨慎，并且攻击类型对于信息安全投资有着重要影响。

Abstract

In order to study the impacts of externalities of information security investment

the Gordon-Loeb model was extended to a multi-organization game environment.The relationships of the optimal information security investment with vulnerability

potential loss and investment effectiveness when confronted with different attack types under the positive and negative externalities were obtained respectively

and the difference with the optimal information security investment under the social optimum condition was compared.The results show that there were some similarities in the varying pattern of information security investment between the condition of the positive externality and a single organization

but information security investment under the negative externality changes greatly and was generally more cautious

and attack types also have important impacts on information security investment.

关键词

Keywords

references

ANDERSON R , . Why information security is hard:an economic perspective [C ] // The Seventeenth Annual Computer Security Applications Conference . 2001 : 358 - 365 .

GORDON L A , LOEB M P . The economics of information security investment [J ] . ACM Transactions on Information ＆ System Security , 2002 , 5 ( 4 ): 438 - 457 .

陈天平 , 张串绒 , 郭威武 , 等 . 效用理论在信息安全投资优化中的应用 [J ] . 计算机科学 , 2009 , 36 ( 12 ): 70 - 72 .

CHEN T P , ZHANG C R , GUO W W , et al . Application of utility theory in investment optimizing of information security [J ] . Computer Science , 2009 , 36 ( 12 ): 70 - 72 .

GORDON L A , LOEB M P , LUCYSHYN W , et al . Externalities and the magnitude of cyber security underinvestment by private sector firms:a modification of the Gordon-Loeb model [J ] . Journal of Information Security , 2015 , 6 ( 1 ): 24 - 30 .

HUANG C D , HU Q , BEHARA R S . Economics of information security investment in the case of simultaneous attacks [C ] // The Fifth Workshop on the Economics of Information Security . 2006 .

HUANG C D , HU Q , BEHARA R S . An economic analysis of the optimal information security investment in the case of a risk-averse firm [J ] . International Journal of Production Economics , 2008 , 114 ( 2 ): 793 - 804 .

HUANG C D , BEHARA R S , GOO J . Optimal information security investment in a Healthcare Information Exchange:an economic analysis [J ] . Decision Support Systems , 2013 , 61 ( 1 ): 1 - 11 .

GORDON L A , LOEB M P , LUCYSHYN W . Sharing information on computer systems security:an economic analysis [J ] . Journal of Accounting ＆ Public Policy , 2003 , 22 ( 6 ): 461 - 485 .

巩国权 , 王军 , 强爽 . 双寡头垄断市场的信息安全投资模型研究 [J ] . 中国管理科学 , 2007 , 15 ( z1 ): 444 - 448 .

GONG G Q , WANG J , QIANG S . Information security investment model in dual-oligopoly market [J ] . Chinese Journal of Management Science , 2007 , 15 ( z1 ): 444 - 448 .

LELARGE M . Coordination in network security games:a monotone comparative statics approach [J ] . IEEE Journal on Selected Areas in Communications , 2012 , 30 ( 11 ): 2210 - 2219 .

WU Y , FENG G , WANG N , et al . Game of information security investment:impact of attack types and network vulnerability [J ] . Expert Systems with Applications , 2015 , 42 ( 15-16 ): 6132 - 6146 .

QIAN X , LIU X , PEI J , et al . A game-theoretic analysis of information security investment for multiple firms in a network [J ] . Journal of the Operational Research Society , 2017 , 68 ( 10 ): 1 - 16 .

IOANNIDIS C , PYM D , WILLIAMS J . Fixed costs,investment rigidities,and risk aversion in information security:a utility-theoretic approach [M ] // Economics of Information Security and Privacy III . 2013 : 171 - 191 .

ČAPKO Z , AKSENTIJEVIĆ S , TIJAN E . Economic and financial analysis of investments in information security [C ] // The 37th International Convention on Information and Communication Technology,Electronics and Microelectronics . 2014 : 1550 - 1556 .

浏览量

936

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

暂无数据