Help
Cart
Skip main navigation

Available Issues

December 4, 2012 - March 5, 2026

Available Issues

December 4, 2012 - March 5, 2026

Information Sharing in Cybersecurity: A Review

Published Online:6 Aug 2019https://doi.org/10.1287/deca.2018.0387

References

  • American Civil Liberties Union (2016) NSA surveillance. Technical report, American Civil Liberties Union. Accessed March 1, 2016, https://www.aclu.org/issues/national-security/privacy-and-surveillance/nsa-surveillance.Google Scholar
  • Ashenden DM, Coles-Kemp L, O’Hara K (2018) Why should I? Cybersecurity, the security of the state and the insecurity of the citizen. Politics Governance 6(2):41–48.CrossrefGoogle Scholar
  • Bandyopadhyay S, Pathak P (2007) Knowledge sharing and cooperation in outsourcing projects—A game theoretic analysis. Decision Support Systems 43(2):349–358.CrossrefGoogle Scholar
  • Broggi JJ (2014) Building on executive order 13,636 to encourage information sharing for cybersecurity purposes. Harvard J. Law Public Policy 37(2):653–676.Google Scholar
  • Burger EW, Goodman MD, Kampanakis P, Zhu KA (2014) Taxonomy model for cyber threat intelligence information exchange technologies. Proc. ACM Workshop Inform. Sharing Collaborative Security (ACM, Scottsdale, Arizona), 51–60.CrossrefGoogle Scholar
  • Butler JK Jr (1999) Trust expectations, information sharing, climate of trust, and negotiation effectiveness and efficiency. Group Organ. Management 24(2):217–238.CrossrefGoogle Scholar
  • Campbell K, Gordon LA, Loeb MP, Zhou L (2003) The economic cost of publicly announced information security breaches: Empirical evidence from the stock market. J. Comput. Security 11(3):431–448.CrossrefGoogle Scholar
  • Cavusoglu H, Mishra B, Raghunathan S (2004) The effect of internet security breach announcements on market value: Capital market reactions for breached firms and internet security developers. Internat. J. Electronic Commerce 9(1):69–104.CrossrefGoogle Scholar
  • Chakhchoukh Y, Ishii H (2015) Coordinated cyber-attacks on the measurement function in hybrid state estimation. IEEE Trans. Power Systems 30(5):2487–2497.CrossrefGoogle Scholar
  • Chu WHJ, Lee CC (2006) Strategic information sharing in a supply chain. Eur J. Oper. Res. 174(3):1567–1579.CrossrefGoogle Scholar
  • Clover J (2015) Apple speaks out against Cybersecurity Information Sharing Act. MacRumors (October 20), http://www.macrumors.com/2015/10/20/apple-speaks-out-against-cisa/.Google Scholar
  • Cohen FB (1996) A note on distributed coordinated attacks. Comput. Security 15(2):103–121.CrossrefGoogle Scholar
  • Crooks C (2013) Does cybersecurity legislation have a chance? Financial Executive 29(3):18–19.Google Scholar
  • Cybersecurity Information Sharing Act (CISA) (2015) 114th Congress Bill S.754.Google Scholar
  • Dalton RJ (2005) The social transformation of trust in government. Internat. Rev. Sociol. 15(1):133–154.CrossrefGoogle Scholar
  • Dandurand L, Serrano OS (2013) Towards improved cyber security information sharing. Proc. 5th Internat. Conf. Cyber Conflict (IEEE, Tallinn, Estonia), 1–16.Google Scholar
  • Davis G, Garcia A, Zhang W (2009) Empirical analysis of the effects of cyber security incidents. Risk Anal. 29(9):1304–1316.CrossrefGoogle Scholar
  • de Fuentes JM, González-Manzano L, Tapiador J, Peris-Lopez P (2017) PRACIS: Privacy-preserving and aggregatable cybersecurity information sharing. Comput. Security 69:127–141.CrossrefGoogle Scholar
  • de Witte B, Frasca P, Overvest B, Timmer J (2018) Protecting Shared Information in Networks: A Network Security Game with Strategic Attacks (Memorandum Department of Applied Mathematics, Twente, Netherlands).Google Scholar
  • Executive Order 13,636 (2013) Improving critical infrastructure cybersecurity. Federal Register 78(33):1–8.Google Scholar
  • Executive Order 13,691 (2015) Promoting private sector cybersecurity information sharing. Federal Register 80(34):1–7.Google Scholar
  • Ezhei M, Ladani BT (2017) Information sharing vs. privacy: A game theoretic analysis. Expert Systems Applications 88:327–337.CrossrefGoogle Scholar
  • Federal Bureau of Investigation (2015) FBI symposium: Cyber security and your business. Prevention to prosecution. Accessed September 30, 2016, https://www.hselaw.com/news-and-information/events/1017-fbi-symposium-cyber-security-and-your-business.Google Scholar
  • Fiala P (2005) Information sharing in supply chains. Omega 33(5):419–423.CrossrefGoogle Scholar
  • Fischer EA (2014) Cybersecurity issues and challenges: In brief. Report, Congressional Research Service, Washington, DC.Google Scholar
  • Fischer EA, Liu EC, Rollins JW, Theohary CA (2013) The 2013 cybersecurity executive order: Overview and considerations for congress. Report, Congressional Research Service, Washington, DC.Google Scholar
  • Fleming MH, Goldstein E (2012) Metrics for measuring the efficacy of critical-infrastructure-centric cybersecurity information sharing efforts. Working paper, Georgetown University, Washington, DC.Google Scholar
  • Gal-Or E, Ghose A (2004) The economic consequences of sharing security information. Econom. Inform. Security 16(2):95–104.CrossrefGoogle Scholar
  • Gal-Or E, Ghose A (2005) The economic incentives for sharing security information. Inform. Systems Res. 16(2):186–208.LinkGoogle Scholar
  • Gao X, Zhong W, Mei S (2013a) A differential game approach to information security investment under hackers knowledge dissemination. Oper. Res. Lett. 41(5):421–425.CrossrefGoogle Scholar
  • Gao X, Zhong W, Mei S (2013b) Information security investment when hackers disseminate knowledge. Decision Anal. 10(4):352–368.LinkGoogle Scholar
  • Gao X, Zhong W, Mei S (2014) A game-theoretic analysis of information sharing and security investment for complementary firms. J. Oper. Res. Soc. 65(11):1–10.CrossrefGoogle Scholar
  • Gao X, Zhong W, Mei S (2015) Security investment and information sharing under an alternative security breach probability function. Inform. Systems Frontiers 17(2):423–438.CrossrefGoogle Scholar
  • Garrido-Pelaz R, González-Manzano L, Pastrana S (2016) Shall we collaborate? A model to analyse the benefits of information sharing. Proc. ACM Workshop Inform. Sharing Collaborative Security (ACM, Vienna, Austria), 15–24.Google Scholar
  • Geers K (2010) The challenge of cyber attack deterrence. Comput. Law Security Rev. 26(3):298–303.CrossrefGoogle Scholar
  • Ghose A (2007) Information disclosure and regulatory compliance: Economic issues. Gupta M, Upadhyaya S, eds. Managing Information Assurance in Financial Services (IGI Global, Hershey, PA), 304–317.CrossrefGoogle Scholar
  • Ghose A, Hausken K (2006) A strategic analysis of information sharing among cyber attackers. Working paper, New York University, New York.Google Scholar
  • Ghose A, Rajan U (2006) The economic impact of regulatory information disclosure on information security investments, competition, and social welfare. Proc. 5th Annual Workshop Econom. Inform. Security (ACM, New York).Google Scholar
  • Gillibrand S, Schumer S (2015) Stop #BrowserSpying! Don’t let congress expand the patriot act. Accessed January 30, 2015, http://www.decidethefuture.org/.Google Scholar
  • Glass P (2015) Why don’t maritime companies want to report cyber attacks? WorkBoat (October 15), https://www.workboat.com/blogs/washington-watch/why-are-maritime-companies-reluctant-to-report-cyber-attacks/.Google Scholar
  • Gong L, Zhang X (2014) Study of the game theory analysis and incentive mechanism of inter-organizational knowledge sharing in cooperative R&D. IERI Procedia 10:266–273.CrossrefGoogle Scholar
  • Goodwin C, Nicholas JP (2015) A Framework for Cybersecurity Information Sharing and Risk Reduction (Microsoft, Redmond, WA).Google Scholar
  • Gordon LA, Loeb MP (2002) The economics of information security investment. ACM Trans. Inform. System Security 5(4):438–457.CrossrefGoogle Scholar
  • Gordon LA, Loeb MP, Lucyshyn W (2003) Sharing information on computer systems security: An economic analysis. J. Accounting Public Policy 22(6):461–485.CrossrefGoogle Scholar
  • Gordon LA, Loeb MP, Lucyshyn W, Sohail T (2006) The impact of the Sarbanes-Oxley act on the corporate disclosures of information security activities. J. Accounting Public Policy 25(5):503–530.CrossrefGoogle Scholar
  • Gordon LA, Loeb MP, Lucyshyn W, Zhou L (2015) The impact of information sharing on cybersecurity underinvestment: A real options perspective. J. Accounting Public Policy 34(5):509–519.CrossrefGoogle Scholar
  • Government Accountability Office (2018) Urgent actions are needed to address cybersecurity challenges facing the nation. Technical report, The United States Government Accountability Office, Washington, DC.Google Scholar
  • Groves T, Loeb M (1975) Incentives and public inputs. J. Public Econom. 4(3):211–226.CrossrefGoogle Scholar
  • Gyenes R (2013) A voluntary cybersecurity framework is unworkable—Government must crack the whip. J. Tech. Law Policy 14:293–314.CrossrefGoogle Scholar
  • Hämmerli BM (2014) Voluntary information sharing chapter 3. Technical report, Critical Infrastructures Preparedness and Resilience Research Network, Munchen, Germany.Google Scholar
  • Harrison K, White G (2012) Information sharing requirements and framework needed for community cyber incident detection and response. Proc. IEEE Internat. Conf. Tech. Homeland Security (IEEE, Piscataway, NJ), 463–469.CrossrefGoogle Scholar
  • Hausken K (2006) Income, interdependence, and substitution effects affecting incentives for security investment. J. Accounting Public Policy 25(6):629–665.CrossrefGoogle Scholar
  • Hausken K (2007) Information sharing among firms and cyber attacks. J. Accounting Public Policy 26(6):639–688.CrossrefGoogle Scholar
  • Hausken K (2015) A strategic analysis of information sharing among cyber hackers. J. Inform. Systems Tech. Management 12(2):245–270.CrossrefGoogle Scholar
  • Hausken K (2017a) Information sharing among cyber hackers in successive attacks. Internat. Game Theory Rev. 19(2):1750010.CrossrefGoogle Scholar
  • Hausken K (2017b) Security investment, hacking, and information sharing between firms and between hackers. Games 8(2):23.CrossrefGoogle Scholar
  • He M, Devine L, Zhuang J (2018) Perspectives on cybersecurity information sharing among multiple stakeholders using a decision-theoretic approach. Risk Anal. 38(2):215–225.CrossrefGoogle Scholar
  • Heidenreich J (2015) The privacy issues presented by the cybersecurity information sharing act. North Dakota Law Rev. 91(2):395–410.Google Scholar
  • Hepworth A (2016) Insider cyber leaks posing huge problems. The Australian (August 30), 22.Google Scholar
  • Hernandez-Ardieta JL, Tapiador JE, Suarez-Tangil G (2013) Information sharing models for cooperative cyber defence. Proc. 5th Internat. Conf. Cyber Conflict (IEEE, Piscataway, NJ), 1–28.Google Scholar
  • Howard JD (1997) An analysis of security incidents on the internet 1989-1995. Technical report, Carnegie-Mellon University, Pittsburgh, PA.Google Scholar
  • Johnson C, Badger L, Waltermire D, Snyder J, Skorupka C (2016) Guide to cyber threat information sharing. Report, National Institute of Standards and Technology, Gaithersburg, MD.Google Scholar
  • Juniper (2018) Cybercrime will cost businesses over $2 trillion by 2019. Accessed September 10, 2018, https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion.Google Scholar
  • Kamhoua C, Martin A, Tosh DK, Kwiat KA, Heitzenrater C, Sengupta S (2015) Cyber-threats information sharing in cloud computing: A game theoretic approach. Proc. IEEE Internat. Conf. Cyber Security Cloud Comput. (IEEE, Piscataway, NJ), 382–389.CrossrefGoogle Scholar
  • Kampanakis P (2014) Security automation and threat information-sharing options. IEEE Security Privacy 12(5):42–51.CrossrefGoogle Scholar
  • Khouzani A, Pham V, Cid C (2014) Strategic discovery and sharing of vulnerabilities in competitive environments. Proc. Internat. Conf. Decision Game Theory Security (Springer International Publishing, Los Angeles, CA), 59–78.CrossrefGoogle Scholar
  • Kjaerland M (2005) A classification of computer security incidents based on reported attack data. J. Investigative Psych. Offender Profiling 2(2):105–120.CrossrefGoogle Scholar
  • Kulikova O, Heil R, van den Berg J, Pieters W (2012) Cyber crisis management: A decision-support framework for disclosing security incident information. Proc. Internat. Conf. Cyber Security (IEEE, Washington, DC), 103–112.CrossrefGoogle Scholar
  • Lachmann M, Sell G, Jablonka E (2000) On the advantages of information sharing. Proc. Biol. Sci. Roy. Soc. 267(1450):1287–1293.CrossrefGoogle Scholar
  • Laube S, Böhme R (2015) Mandatory security information sharing with authorities: Implications on investments in internal controls. Proc. Second ACM Workshop Inform. Sharing Collaborative Security (ACM, New York), 31–42.CrossrefGoogle Scholar
  • Laube S, Rainer B (2016) The economics of mandatory security breach reporting to authorities. J. Cybersecurity 2(1):29–41.CrossrefGoogle Scholar
  • Layfield R, Kantarcioglu M, Thuraisingham B (2008) Incentive and trust issues in assured information sharing. Proc. Internat. Conf. Collaborative Comput.: Networking Appl. Worksharing (Springer, Berlin, Heidelberg), 113–125.Google Scholar
  • Lemanski M (2015) A survey of digital privacy rights under CISA. Preprint arXiv:1512.06317, submitted December 20, http://arxiv.org/abs/1512.06317.Google Scholar
  • Lewis R, Louvieris P, Abbott P, Clewley N, Jones K (2014) Cybersecurity information sharing: A framework for sustainable information security management in UK SME supply chains. Proc. Ed. Collaborative Internat. Schools, Tel Aviv, Israel.Google Scholar
  • Li S, Lin B (2006) Accessing information sharing and information quality in supply chain management. Decision Support Systems 42(3):1641–1656.CrossrefGoogle Scholar
  • Liberati A, Altman DG, Tetzlaff J, Murlow C, Gotzsche PC, Loannidis JP, Clarke M, Devereaux PJ, Kleijnen J, Moher D (2009) The PRISMA statement for reporting systematic reviews and meta-analyses of studies that evaluate health care interventions: Explanation and elaboration. PLoS Medicine 6(7):e1000100.CrossrefGoogle Scholar
  • Liu D, Ji Y, Mookerjee V (2011) Knowledge sharing and investment decisions in information security. Decision Support Systems 52(1):95–107.CrossrefGoogle Scholar
  • Liu EC, Stevens G, Ruane KA, Dolan AM, Thompson RM (2012) Cybersecurity: Selected legal issues. Report, Congressional Research Service, Washington, DC.Google Scholar
  • Liu P, Chetal A (2005) Trust-based secure information sharing between federal government agencies. J. Amer. Soc. Inform. Sci. Tech. 56(3):283–298.CrossrefGoogle Scholar
  • McKeown E, Storm-Smith E (2016) New legislation strengthens legal protections for cybersecurity information-sharing. Intellectual Property Tech. Law J. 28(5):17.Google Scholar
  • Mookerjee V, Mookerjee R, Bensoussan A, Yue WT (2011) When hackers talk: Managing information security under variable attack rates and knowledge dissemination. Inform. Systems Res. 22(3):606–623.LinkGoogle Scholar
  • Moore T, Friedman A, Procaccia AD (2010) Would a ‘cyber warrior’ protect us: Exploring trade-offs between attack and defense of information systems. Proc. New Security Paradigms Workshop (ACM, New York), 85–94.CrossrefGoogle Scholar
  • Mtsweni J, Shozi NA, Matenche K, Mutemwa M, Mkhonto N, Jansen van Vuuren J (2016) Development of a semantic-enabled cybersecurity threat intelligence sharing model. Proc. 11th Internat. Conf. Cyber Warfare Security, Boston, MA, 244–252.Google Scholar
  • Naghizadeh P, Liu M (2016a) Inter-temporal incentives in security information sharing agreements. Proc. Inform. Theory Applications Workshop (IEEE, Piscataway, NJ), 1–8.CrossrefGoogle Scholar
  • Naghizadeh P, Liu M (2016b) On the role of public and private assessments in security information sharing agreements. Working paper, Purdue University, West Lafayette, IN.Google Scholar
  • Nagurney A, Shukla S (2017) Multifirm models of cybersecurity investment competition vs. cooperation and network vulnerability. Eur. J. Oper. Res. 260(2):588–600.CrossrefGoogle Scholar
  • National Security Agency (2017) What is NSA’s role in U.S. cybersecurity? Technical report, National Security Agency, Washington, DC.Google Scholar
  • Newberry ME (2014) Maritime critical infrastructure cyber risk. Coast Guard J. Safety Security Sea 71(4):42–44.Google Scholar
  • Nizovtsev D, Thursby M (2007) To disclose or not? An analysis of software user behavior. Inform. Econom. Policy 19(1):43–64.CrossrefGoogle Scholar
  • Nolan A (2015) Cybersecurity and information sharing: Legal challenges and solutions. Report, Congressional Research Service, Washington, DC.Google Scholar
  • Nye JS, Zelikow PD, King DC (1997) Why people don’t trust government. Political Sci. Quart. 113(1):141–142.Google Scholar
  • Özer Ö, Zheng Y, Chen KY (2011) Trust in forecast information sharing. Management Sci. 57(6):1111–1137.LinkGoogle Scholar
  • Papadopoulos C, Lindell R, Mehringer J, Hussain A, Govindan R (2003) Cossack: Coordinated suppression of simultaneous attacks. Proc. DARPA Inform. Survivability Conf. Exposition, vol. 1 (IEEE, Piscataway, NJ), 2–13.CrossrefGoogle Scholar
  • Payyappalli VM, Zhuang J, Jose VRR (2017) Deterrence and risk preferences in sequential attacker—Defender games with continuous efforts. Risk Anal. 37(11):2229–2245.CrossrefGoogle Scholar
  • Pendergrass WS (2013) What is Anonymous? A Case Study of an Information Systems Hacker Activist Collective Movement. Unpublished dissertation, Robert Morris University, Pittsburgh, PA.Google Scholar
  • Petrasic K, Bornfreund M (2016) CISA guidance clarifies how to share cyber threat information but issues remain. Technical report, White & Case, New York.Google Scholar
  • PricewaterhouseCoopers (2015) US cybersecurity: Progress stalled key findings from the 2015 US state of cybercrime survey. Technical report, PricewaterhouseCoopers LLP, London, UK.Google Scholar
  • Prieto D (2006) Information sharing with the private sector. Seeds of Disaster, Roots of Response. How Private Action Can Reduce Public Vulnerability (Cambridge University Press, Cambridge, UK), 404–428.CrossrefGoogle Scholar
  • Qamar S, Anwar Z, Rahman MA, Al-Shaer E, Chu BT (2017) Data-driven analytics for cyber-threat intelligence and information sharing. Comput. Security 67:35–58.CrossrefGoogle Scholar
  • Rawat DB, Njilla L, Kwiat K, Kamhoua C (2018) iShare: Blockchain-based privacy-aware multi-agent information sharing games for cybersecurity. Proc. Internat. Conf. Comput. Networking Comm. (IEEE, Piscataway, NJ), 425–431.CrossrefGoogle Scholar
  • Raymond ES (1999) The Cathedral and the Bazaar: Musings on Linux and Open Source by an Accidental Revolutionary (Oreilly, Sebastopol, CA).CrossrefGoogle Scholar
  • Ring T (2014) Threat intelligence: Why people don’t share. Computer Fraud Security 2014(3):5–9.CrossrefGoogle Scholar
  • Riquet D, Grimaud G, Hauspie M (2012) Large-scale coordinated attacks: Impact on the cloud security. Proc. Internat. Conf. Innovative Mobile Internet Services Ubiquitous Comput. (IEEE, Piscataway, NJ), 558–563.CrossrefGoogle Scholar
  • Ritchie C (2000) A look at the security of the open source development model. Technical report, Oregon State University, Corvallis, OR.Google Scholar
  • Robinson N, Disley E (2010) Incentives and Challenges for Information Sharing in the Context of Network and Information Security, vol. 55 (European Network and Information Security Agency, Heraklion, Greece.).Google Scholar
  • Rocha Flores W, Antonsen E, Ekstedt M (2014) Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Comput. Security 43:90–110.CrossrefGoogle Scholar
  • Rodin DN (2014) The cybersecurity partnership: A proposal for cyberthreat information sharing between contractors and the federal government. Public Contract Law J. 44(3):505–528.Google Scholar
  • Rutkowski A, Kadobayashi Y, Furey I, Rajnoivc D, Martin R, Takahashi T (2010) CYBEX: The cybersecurity information exchange framework. ACM Sigcomm. 40(5):59–64.CrossrefGoogle Scholar
  • Sarbanes-Oxley Act (SOX) (2002) 107th Congress Bill H.R. 3763.Google Scholar
  • Sedenberg EM, Mulligan DK (2015) Public health as a model for cybersecurity information sharing. Berkeley Tech. Law J. 30(3):1687–1740.Google Scholar
  • Segalis B, Hoffman A (2016) U.S. government publishes cisa guidance for cybersecurity information sharing. Technical report, Norton Rose Fulbright, London, UK.Google Scholar
  • Shan X, Zhuang J (2014) Modeling credible retaliation threats in deterring the smuggling of nuclear weapons using partial inspectiona three-stage game. Decision Anal. 11(1):43–62.LinkGoogle Scholar
  • Sharf E (2016) Information exchanges: Regulatory changes to the cyber-security industry after Brexit: Making security awareness training work. Comput. Fraud Security 2016(7):9–12.CrossrefGoogle Scholar
  • Skopik F, Settanni G, Fiedler R (2016) A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing. Comput. Security 60:154–176.CrossrefGoogle Scholar
  • Skopik F, Wurzenberger M, Settanni G, Fiedler R (2015) Establishing national cyber situational awareness through incident information clustering. Proc. Internat. Conf. Cyber Situational Awareness Data Analytics Assessment (IEEE, Piscataway, NJ).CrossrefGoogle Scholar
  • Staniford-Chen S, Tung B, Porras P, Kahn C, Schnackenberg D, Feiertag R, Stillman M (1998) The common intrusion detection framework–data formats. Accessed May 15, 2016, https://tools.ietf.org/html/draft-staniford-cidf-data-formats-00.Google Scholar
  • StopCyberSpying (2017) Stop cyber surveillance. Accessed December 21, 2017, https://stopcyberspying.com/.Google Scholar
  • Swire PP (2006) Privacy and information sharing in the war on terrorism. Villanova Law Rev. 51(4):101–130.Google Scholar
  • Symantec (2018) 2018 Internet security threat report. Accessed September 30, 2018, https://www.rsa.com/en-us/company/newsroom/rsa-research-75-of-organizations-are-at-significant-risk-of-cyber-incidents.Google Scholar
  • Takahashi T, Kadobayashi Y (2011) 3-5 cybersecurity information exchange techniques: Cybersecurity information ontology and cybex. J. Natl. Institute Inform. Comm. Tech. 58(3/4):127–135.Google Scholar
  • Takahashi T, Kadobayashi Y (2014) Reference ontology for cybersecurity operational information. Comput. J. 58(10):2297–2312.CrossrefGoogle Scholar
  • Takahashi T, Fujiwara H, Kadobayashi Y (2010) Building ontology of cybersecurity operational information. Proc. Sixth Annual Workshop Cyber Security Inform. Intelligence Res., vol. 7 (ACM), Oak Ridge, TN, USA, 79–88.CrossrefGoogle Scholar
  • Takahashi T, Panta B, Kadobayashi Y, Nakao K (2018) Web of cybersecurity: Linking, locating, and discovering structured cybersecurity information. Internat. J. Comm. Systems 31(3):e3470.CrossrefGoogle Scholar
  • Telecommunications Industry Association (2018a) Proposed budget of the U.S. government for cyber security in FY 2017 to 2019. Accessed September 22, 2018, https://www.statista.com/statistics/675399/us-government-spending-cyber-security/.Google Scholar
  • Telecommunications Industry Association (2018b) Spending on cybersecurity in the United States from 2010 to 2018. Accessed September 22, 2018, https://www.statista.com/statistics/615450/cybersecurity-spending-in-the-us/.Google Scholar
  • Tosh D, Sengupta S, Kamhoua C, Kwiat K, Martin A (2015a) An evolutionary game-theoretic framework for cyber-threat information sharing. Proc. IEEE Internat. Conf. Comm. (IEEE, Piscataway, NJ), 7341–7346.CrossrefGoogle Scholar
  • Tosh DK, Molloy M, Sengupta S, Kamhoua CA, Kwiat KA (2015b) Cyber-investment and cyber-information exchange decision modeling. Proc. IEEE 17th Internat. Conf. High Performance Comput. Comm., IEEE 7th Internat. Sympos. Cyberspace Safety Security, IEEE 12th Internat. Conf. Embedded Software Systems (IEEE, Piscataway, NJ), 1219–1224.CrossrefGoogle Scholar
  • Tosh DK, Sengupta S, Mukhopadhyay S, Kamhoua CA, Kwiat KA (2016) Game theoretic modeling to enforce security information sharing among firms. Proc. Second Internat. Conf. Cyber Security Cloud Comput. (IEEE, Piscataway, NJ), 7–12.Google Scholar
  • Tosh DK, Shetty S, Sengupta S, Kesan JP, Kamhoua CA (2017a) Risk management using cyber-threat information sharing and cyber-insurance. Proc. Internat. Conf. Game Theory Networks (Springer, Cham, Switzerland), 154–164.CrossrefGoogle Scholar
  • Tosh DK, Vakilinia I, Shetty S, Sengupta S, Kamhoua CA, Njilla L, Kwiat K (2017b) Three layer game theoretic decision framework for cyber-investment and cyber-insurance. Proc. Internat. Conf. Decision Game Theory Security (Springer, Cham, Switzerland), 519–532.CrossrefGoogle Scholar
  • U.S. Department of Homeland Security (2016) Information sharing. Technical report, U.S. Department of Homeland Security, Washington, DC.Google Scholar
  • U.S. Department of Homeland Security and U.S. Department of Justice (2015) Privacy and civil liberties interim guidelines: Cybersecurity information sharing act of 2015. Technical report, U.S. Department of Homeland Security, Department of Justice, Washington, DC.Google Scholar
  • Vakilinia I, Sengupta S (2017a) A coalitional game theory approach for cybersecurity information sharing. Proc. IEEE Military Comm. Conf. (IEEE), Baltimore, 237–242.CrossrefGoogle Scholar
  • Vakilinia I, Sengupta S (2017b) Evolving sharing strategies in cybersecurity information exchange framework. Proc. Genetic Evolutionary Comput. Conf. Companion (ACM, New York), 309–310.CrossrefGoogle Scholar
  • Vakilinia I, Tosh DK, Sengupta S (2017a) 3-way game model for privacy-preserving cybersecurity information exchange framework. Proc. IEEE Military Comm. Conf. (IEEE, Piscataway, NJ), 829–834.CrossrefGoogle Scholar
  • Vakilinia I, Tosh DK, Sengupta S (2017b) Attribute based sharing in cybersecurity information exchange framework. Proc. Internat. Sympos. Performance Evaluation Comput. Telecomm. Systems (IEEE, Piscataway, NJ), 1–6.CrossrefGoogle Scholar
  • Vakilinia I, Tosh DK, Sengupta S (2017c) Privacy-preserving cybersecurity information exchange mechanism. Proc. Internat. Sympos. Performance Evaluation Comput. Telecommun. Systems (IEEE, Piscataway, NJ), 1–7.CrossrefGoogle Scholar
  • Vázquez DF, Acosta OP, Spirito C, Brown S, Reid E (2012) Conceptual framework for cyber defense information sharing within trust relationships. Proc. Fourth Internat. Conf. Cyber Conflict (IEEE, Piscataway, NJ), 1–17.Google Scholar
  • Veerasamy N (2017) Cyber threat intelligence exchange: A growing requirement. Proc. 16th Eur. Conf. Cyber Warfare Security, Dublin, Ireland, June 29–30, 513–518.Google Scholar
  • Wakolbinger T, Cruz JM (2011) Supply chain disruption risk management through strategic information acquisition and sharing and risk-sharing contracts. Internat. J. Production Res. 49(13):4063–4084.CrossrefGoogle Scholar
  • White G, Harrison K (2017) State and community information sharing and analysis organizations. Proc. Hawaii Internat. Conf. System Sci. Puako, HI, 2408–2416.CrossrefGoogle Scholar
  • Wikipedia (2018) Information sharing. Accessed January 10, 2018, https://en.wikipedia.org/wiki/Information{_} sharing.Google Scholar
  • Wohlin C (2014) Guidelines for snowballing in systematic literature studies and a replication in software engineering. Proc. 18th Internat. Conf. Evaluation Assessment Software Engrg., vol. 38 (ACM, New York).CrossrefGoogle Scholar
  • Wall Street Journal (2016) Should companies be required to share information about cyberattacks? Wall Street Journal (May 22), https://www.wsj.com/articles/should-companies-be-required-to-share-information-about-cyberattacks-1463968801.Google Scholar
  • Xiong Q, Chen X (2013) Incentive mechanism design based on repeated game theory in security information sharing. Proc. Internat. Conf. Sci. Soc. Res., Beijing, China, 399–401.CrossrefGoogle Scholar
  • Young AL, Quan-Haase A (2009) Information revelation and internet privacy concerns on social network sites: A case study of Facebook. Proc. Internat. Conf. Communities Tech. (ACM, New York), 265–274.CrossrefGoogle Scholar
  • Zhang L, Brodsky A, Jajodia S (2006) Toward information sharing: Benefit and Risk Access Control (BARAC). Proc. IEEE Internat. Workshop Policies Distributed Systems Networks (IEEE, Piscataway, NJ), 9–17.CrossrefGoogle Scholar
  • Zhang X, Tsang A, Yue WT, Chau M (2015) The classification of hackers by knowledge exchange behaviors. Inform. Systems Frontiers 17(6):1239–1251.CrossrefGoogle Scholar
  • Zhao W, White G (2012) A collaborative information sharing framework for community cyber security. IEEE Internat. Conf. Tech. Homeland Security (IEEE, Piscataway, NJ), 457–462.CrossrefGoogle Scholar
  • Zheng DE, Lewis JA (2015) Cyber threat information sharing. Technical report, Center for Strategic and International Studies, Washington, DC.Google Scholar
  • Zhou CV, Leckie C, Karunasekera S (2010) A survey of coordinated attacks and collaborative intrusion detection. Comput. Security 29(1):124–140.CrossrefGoogle Scholar
  • Zhuang J, Bier VM, Alagoz O (2010) Modeling secrecy and deception in a multiple-period attacker–defender signaling game. Eur. J. Oper. Res. 203(2):409–418.CrossrefGoogle Scholar
Previous
Back to Top
Next
INFORMS site uses cookies to store information on your computer. Some are essential to make our site work; Others help us improve the user experience. By using this site, you consent to the placement of these cookies. Please read our Privacy Statement to learn more.
Agree