Help
Cart
Skip main navigation

Available Issues

December 4, 2012 - March 5, 2026

Available Issues

December 4, 2012 - March 5, 2026

Information Security Investment When Hackers Disseminate Knowledge

Published Online:2 Dec 2013https://doi.org/10.1287/deca.2013.0278

References

  • Anderson R (2001) Why information security is hard: An economic perspective. Proc. Seventeenth Comput. Security Appl. Conf. (New Orleans, LA), 358–365.CrossrefGoogle Scholar
  • Anderson R (2002) Security in open versus closed systems–the dance of Boltzmann, Coase and Moore. Technical report, Cambridge University, Cambridge, UK.Google Scholar
  • Anderson R, Moore T (2006) The economics of information security. Science 314(5799):610–613.CrossrefGoogle Scholar
  • Bandyopadhyay S, Sandler T (2011) The interplay between preemptive and defensive counterterrorism measures: A two-stage game. Economica 78(311):546–564.CrossrefGoogle Scholar
  • Bandyopadhyay T, Jacob V, Raghunathan S (2010) Information security in networked supply chains: Impact of network vulnerability and supply chain integration on incentives to invest. Inform. Tech. Management 11(1):7–23.CrossrefGoogle Scholar
  • Bandyopadhyay T, Liu D, Mookerjee VS, Wilhite AW (2012) Dynamic competition in IT security: A differential games approach. Inform. Systems Front. Forthcoming.Google Scholar
  • Başar T, Bensoussan A, Sethi S (2010) Differential games with mixed leadership: The open-loop solution. Appl. Math. Comput. 217(3):972–979.CrossrefGoogle Scholar
  • Benjamin V, Chen H (2012) Securing cyberspace: Identifying key actors in hacker communities. IEEE Internat. Conf. Intelligence and Security Informatics, Arlington, VA, 24–29.CrossrefGoogle Scholar
  • Bensoussan A, Chen S, Sethi S (2012) Feedback Stackelberg solutions of infinite-horizon stochastic differential games. Working paper, University of Texas at Dallas, Dallas, http://dx.doi.org/10.2189/ssrn.2151533.CrossrefGoogle Scholar
  • Bhimani A, Hausken K, Ncube M (2010) Agent takeover risk of principal in outsourcing relationships. Global Bus. Econom. Rev. 12(4):329–340.CrossrefGoogle Scholar
  • Bier VM (2007) Choosing what to protect. Risk Anal. 27(3):607–620.CrossrefGoogle Scholar
  • Bier VM, Oliveros S, Samuelson L (2007) Choosing what to protect: Strategic defensive allocation against an unknown attacker. J. Public Econom. Theory 9(4):563–587.CrossrefGoogle Scholar
  • Cárceles-Poveda E, Tauman Y (2011) A strategic analysis of the war against transnational terrorism. Games Econom. Behav. 71(1):49–65.CrossrefGoogle Scholar
  • Cavusoglu H, Raghunathan S (2004) Configuration of detection software: A comparison of decision and game theory approaches. Decision Anal. 1(3):131–148.LinkGoogle Scholar
  • Cavusoglu H, Mishra B, Raghunathan S (2005) The value of intrusion detection systems in information technology security architecture. Inform. Systems Res. 16(1):28–46.LinkGoogle Scholar
  • Cavusoglu H, Raghunathan S, Cavusoglu H (2009) Configuration of and interaction between information security technologies: The case of firewalls and intrusion detection systems. Inform. Systems Res. 20(2):198–217.LinkGoogle Scholar
  • Cavusoglu H, Raghunathan S, Yue WT (2008) Decision-theoretic and game-theoretic approaches to IT security investment. J. Management Inform. Systems 25(2):281–304.CrossrefGoogle Scholar
  • Cavusoglu H, Kwark Y, Mai B, Raghunathan S (2013) Passenger profiling and screening for aviation security in the presence of strategic attackers. Decision Anal. 10(1):63–81.LinkGoogle Scholar
  • Cellini R, Lambertini L (2002) A differential game approach to investment in product differentiation. J. Econom. Dynam. Control 27(1):51–62.CrossrefGoogle Scholar
  • Cellini R, Lambertini L (2003) Advertising in a differential oligopoly game. J. Optim. Theory Appl. 116(1):61–81.CrossrefGoogle Scholar
  • Cellini R, Lambertini L (2005) R&D incentives and market structure: Dynamic analysis. J. Optim. Theory Appl. 126(1):85–96.CrossrefGoogle Scholar
  • Chen L, Leneutre J (2009) A game theoretical framework on intrusion detection in heterogeneous networks. IEEE Trans. Inform. Forensics Security 4(2):165–178.CrossrefGoogle Scholar
  • Cremonini M, Nizovtsev D (2009) Risks and benefits of signaling information system characteristics to strategic attackers. J. Management Inform. Systems 26(3):241–274.CrossrefGoogle Scholar
  • Dockner E, Jergensen S, Long NV, Sorger G (2000) Differential Games in Economics and Management Science (Cambridge University Press, Cambridge, UK).CrossrefGoogle Scholar
  • Feichtinger G, Novak AJ (2008) Terror and counterterror operations: Differential game with cyclical Nash solution. J. Optim. Theory Appl. 139(3):541–556.CrossrefGoogle Scholar
  • Gal-Or E, Ghose A (2005) The economic incentives for sharing security information. Inform. Systems Res. 16(2):186–208.LinkGoogle Scholar
  • Gao X, Zhong W, Mei S (2012) On local stability of Cournot models with simultaneous and sequential decisions. Math. Soc. Sci. 63(3):207–212.CrossrefGoogle Scholar
  • Gao X, Zhong W, Mei S (2013a) Stochastic evolutionary game dynamics and their selection mechanisms. Comput. Econom. 41(2):233–247.CrossrefGoogle Scholar
  • Gao X, Zhong W, Mei S (2013b) Security investment and information sharing under an alternative security breach probability function. Inform. Syst. Front. Forthcoming.Google Scholar
  • Gordon LA, Loeb MP (2002) The economics of information security investment. ACM Trans. Inform. System Security 5(4):438–457.CrossrefGoogle Scholar
  • Gordon LA, Loeb MP, Lucyshyn W (2003) Sharing information on computer systems security: An economic analysis. J. Accounting Public Policy 22(6):461–485.CrossrefGoogle Scholar
  • Hamill JT, Deckro RF, Kloeber JM Jr (2005) Evaluating information assurance strategies. Decision Support Systems 39(3):463–484.CrossrefGoogle Scholar
  • Han X, Tan Q (2010) Dynamical behavior of computer virus on internet. Appl. Math. Comput. 217(6):2520–2526.CrossrefGoogle Scholar
  • Haphuriwat N, Bier VM, Willis HH (2011) Deterring the smuggling of nuclear weapons in container freight through detection and retaliation. Decision Anal. 8(2):88–102.LinkGoogle Scholar
  • Hausken K (2006) Income, interdependence, and substitution effects affecting incentives for security investment. J. Accounting Public Policy 25(6):629–665.CrossrefGoogle Scholar
  • Hausken K (2007) Information sharing among firms and cyber attacks. J. Accounting Public Policy 26(6):639–688.CrossrefGoogle Scholar
  • Hausken K (2008a) Whether to attack a terrorist's resource stock today or tomorrow. Games Econom. Behav. 64(2):548–564.CrossrefGoogle Scholar
  • Hausken K (2008b) Strategic defense and attack for series and parallel reliability systems. Eur. J. Oper. Res. 186(2):856–881.CrossrefGoogle Scholar
  • Hausken K (2011) Strategic defense and attack of series systems when agents move sequentially. IIE Trans. 43(7):483–504.CrossrefGoogle Scholar
  • Hausken K, Bier VM (2011) Defending against multiple different attackers. Eur. J. Oper. Res. 211(2):370–384.CrossrefGoogle Scholar
  • Hausken K, Levitin G (2012) Review of systems defense and attack models. Internat. J. Performance Engrg. 8(4):355–366.Google Scholar
  • Hausken K, Zhuang J (2011) Governments' and terrorists' defense and attack in a t-period game. Decision Anal. 8(1):46–70.LinkGoogle Scholar
  • Hausken K, Zhuang J (2012) The timing and deterrence of terrorist attacks due to exogenous dynamics. J. Oper. Res. Soc. 63(6):726–735.CrossrefGoogle Scholar
  • Hausken K, Bier VM, Zhuang J (2009) Defending against terrorism, natural disaster, and all hazards. Bier VM, Azaiez MN, eds. Game Theoretic Risk Analysis of Security Threats (Springer, New York), 65–97.CrossrefGoogle Scholar
  • He F, Zhuang J (2012) Modelling “contracts” between a terrorist group and a government in a sequential game. J. Oper. Res. Soc. 63(6):790–809.CrossrefGoogle Scholar
  • Levitin G, Hausken K (2012) Resource distribution in multiple attacks with imperfect detection of the attack outcome. Risk Anal. 32(2):304–318.CrossrefGoogle Scholar
  • Liu D, Ji Y, Mookerjee V (2011) Knowledge sharing and investment decisions in information security. Decision Support Systems 52(1):95–107.CrossrefGoogle Scholar
  • Merrick JRW, McLay LA (2010) Is screening cargo containers for smuggled nuclear threats worthwhile? Decision Anal. 7(2):155–171.LinkGoogle Scholar
  • Mookerjee V, Mookerjee R, Bensoussan A, Yue WT (2011) When hackers talk: Managing information security under variable attack rates and knowledge dissemination. Inform. Systems Res. 22(3):606–623.LinkGoogle Scholar
  • Novak AJ, Feichtinger G, Leitmann G (2010) A differential game related to terrorism: Nash and Stackelberg strategies. J. Optim. Theory Appl. 144(3):533–555.CrossrefGoogle Scholar
  • Piqueira JRC, de Vasconcelos AA, Gabriel CECJ, Araujo VO (2008) Dynamic models for computer viruses. Comput Security 27(7–8):355–359.CrossrefGoogle Scholar
  • Ransbotham S, Mitra S, Ramsey J (2012) Are markets for vulnerabilities effective? MIS Quart. 36(1):43–64.CrossrefGoogle Scholar
  • Samuel A, Guikema SD (2012) Resource allocation for homeland defense: Dealing with the team effect. Decision Anal. 9(3):238–252.LinkGoogle Scholar
  • Sarin RK, Keller LR (2013) From the editors—probability approximations, anti-terrorism strategy, and bull's-eye display for performance feedback. Decision Anal. 10(1):1–5.LinkGoogle Scholar
  • Ulvila JW, Gaffney JE Jr (2004) A decision analysis method for evaluating computer intrusion detection systems. Decision Anal. 1(1):35–50.LinkGoogle Scholar
  • Viscolani B, Zaccour G (2009) Advertising strategies in a differential game with negative competitor's interference. J. Optim. Theory Appl. 140(1):153–170.CrossrefGoogle Scholar
  • Wang QH, Yue WT, Hui KL (2012) Do hacker forums contribute to security attacks? Shaw MJ, Zhang D, Yue WT, eds. E-Life: Web-Enabled Convergence of Commerce, Work, and Social Life Lecture Notes in Business Information Processing, Vol. 108 (Springer, Berlin Heidelberg), 143–152.CrossrefGoogle Scholar
  • Yue WT, Çakanyildirim M (2007) Intrusion prevention in information systems: Reactive and proactive responses. J. Management Inform. Systems 24(1):329–353.CrossrefGoogle Scholar
  • Zhao X, Fang F, Whinston AB (2008) An economic mechanism for better internet security. Decision Support Systems 45(4):811–821.CrossrefGoogle Scholar
  • Zhuang J, Bier VM (2007) Balancing terrorism and natural disasters—defensive strategy with endogenous attacker effort. Oper. Res. 55(5):976–991.LinkGoogle Scholar
  • Zhuang J, Bier VM, Alagoz O (2010) Modeling secrecy and deception in a multiple-period attacker-defender signaling game. Eur. J. Oper. Res. 203(2):409–418.CrossrefGoogle Scholar
  • Zhuang J, Bier VM, Gupta A (2007) Subsidies in interdependent security with heterogeneous discount rates. Eng. Econom. 52(1):1–19.CrossrefGoogle Scholar
Previous
Back to Top
Next
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.
Agree