When information improves information security

Authors:
Jens Grossklags;Benjamin Johnson;Nicolas Christin
Affiliations:
Center for Information Technology Policy, Princeton University;CyLab, Carnegie Mellon University;CyLab, Carnegie Mellon University
Venue:
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Year:
2010

Citing 7
Cited 5

The economics of information security investment

ACM Transactions on Information and System Security (TISSEC)
Privacy and Rationality in Individual Decision Making

IEEE Security and Privacy
Secure or insure?: a game-theoretic analysis of information security games

Proceedings of the 17th international conference on World Wide Web
Security and insurance management in networks with heterogeneous agents

Proceedings of the 9th ACM conference on Electronic commerce
Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment

Journal of Management Information Systems
Uncertainty in the weakest-link security game

GameNets'09 Proceedings of the First ICST international conference on Game Theory for Networks
So long, and no thanks for the externalities: the rational rejection of security advice by users

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop

Nudge: intermediaries' role in interdependent network security

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Are security experts useful? Bayesian Nash equilibria for network security games with limited information

ESORICS'10 Proceedings of the 15th European conference on Research in computer security
Uncertainty in interdependent security games

GameSec'10 Proceedings of the First international conference on Decision and game theory for security
Modeling internet security investments: tackling topological information uncertainty

GameSec'11 Proceedings of the Second international conference on Decision and Game Theory for Security
Security adoption and influence of cyber-insurance markets in heterogeneous networks

Performance Evaluation

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a formal, quantitative evaluation of the impact of bounded-rational security decision-making subject to limited information and externalities. We investigate a mixed economy of an individual rational expert and several naïve near-sighted agents. We further model three canonical types of negative externalities (weakest-link, best shot and total effort), and study the impact of two information regimes on the threat level agents are facing.