An economic analysis of information security decisions with mandatory security standards in resource sharing environments
•This paper examines strategic interaction in a resource sharing environment with mandatory security standard.•It shows the strict mandatory standard doesn’t always benefit each firm.•As firms share more resource, stricter security standard should be formulated.•Compensation mechanism may harm each...
Gespeichert in:
Veröffentlicht in: | Expert systems with applications 2022-11, Vol.206, p.117894, Article 117894 |
---|---|
Hauptverfasser: | , , , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | •This paper examines strategic interaction in a resource sharing environment with mandatory security standard.•It shows the strict mandatory standard doesn’t always benefit each firm.•As firms share more resource, stricter security standard should be formulated.•Compensation mechanism may harm each firm.
While mandatory security standards are salient in the management of information security, the related theoretic studies are scarce, especially when strategic hackers are considered. Using a game-theoretic model, this paper examines the strategic interaction in a resource sharing environment between two firms who invest in information security subject to the mandatory standard and one hacker who exerts attack efforts against the firms. It shows that the strict mandatory standard doesn’t always benefit each firm even though its information systems can be better protected. As the firms share more resource, each firm lacks strong motivation to invest enough in information security, and as a result stricter security standard should be formulated from the socially optimal standpoint. Moreover, we find that although compensation mechanism can urge each firm to invest more, this mechanism may harm each firm. |
---|---|
ISSN: | 0957-4174 1873-6793 |
DOI: | 10.1016/j.eswa.2022.117894 |