When Information Improves Information Security

(Short Paper)

  • Conference paper
Financial Cryptography and Data Security (FC 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6052)

Abstract

This paper presents a formal, quantitative evaluation of the impact of bounded-rational security decision-making subject to limited information and externalities. We investigate a mixed economy of an individual rational expert and several naïve near-sighted agents. We further model three canonical types of negative externalities (weakest-link, best shot and total effort), and study the impact of two information regimes on the threat level agents are facing.

We thank John Chuang for his helpful comments to an earlier version of this paper. This work is supported in part by CyLab at Carnegie Mellon under grant DAAD19-02-1-0389 from the Army Research Office, by the National Science Foundation under ITR awards ANI-0331659 (100x100) and CCF-0424422 (Team for Research in Ubiquitous Secure Technology), and by a University of California MICRO project grant in collaboration with DoCoMo USA Labs.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Grossklags, J., Johnson, B., Christin, N. (2010). When Information Improves Information Security. In: Sion, R. (eds) Financial Cryptography and Data Security. FC 2010. Lecture Notes in Computer Science, vol 6052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14577-3_37

  • DOI: https://doi.org/10.1007/978-3-642-14577-3_37

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14576-6

  • Online ISBN: 978-3-642-14577-3

  • eBook Packages: Computer Science, Computer Science (R0)
