Computer users express a strong desire to prevent attacks and to reduce the losses from computer and information security breaches. However, security compromises are common, widespread, and highly damaging. Next to attackers' increased sophistication, a root cause of the harm inflicted is that users often fail to optimally protect their resources or to recover gracefully from a security breach. We argue that users often underestimate the strong mutual dependence between their security strategies and the economic environment (e.g., threat model) in which these choices are made and evaluated. This misunderstanding weakens the effectiveness of users' security investments, and is compounded by heterogeneity within the user population, in some cases further reducing incentives for cooperation and coordination. We study how economic agents invest in security in five different economic environments that are characteristic of different threat models. We consider generalized models of traditional public goods games (e.g., total effort and weakest link) and two recently proposed games (e.g., weakest target game). Agents may split their contributions between a public good (protection) and a private good (self-insurance). Our analysis centers on how agents respond to incentives when important parameters of the game (i.e., loss probability, loss magnitude, and cost of technology) are heterogeneous in the agent population. We also highlight key differences from the case of homogeneous decision makers. For example, security investments may become substantially more sensitive to the size of the network. We extend our results to discuss important modes of intervention.