Journal of Southeast University (English Edition), 2017, Vol. 33, Issue (3): 377-381, 5. DOI: 10.3969/j.issn.1003-7985.2017.03.019
Investment strategy analysis of information system security in consideration of attackers
Abstract
In order to solve the problem of how a firm makes an optimal choice in developing information systems when faced with the following three modes: development by its own efforts, outsourcing them to a managed security service provider (MSSP) and cooperating with the MSSP, the firm's optimal investment strategies are discussed by modeling and analyzing the maximum expected utility in the above cases under the condition that the firm plays games with an attacker. The results show that the best choice for a firm is determined by the reasonable range of the cooperative development coefficient and applicable conditions. When the cooperative development coefficient is large, it is more rational for the firm to cooperate with the MSSP to develop the information system. When the cooperative development coefficient is small, it is more rational for the firm to develop the information system by its own efforts. It also shows that the attacker's maximum expected utility increases with the increase in the attacker's breach probability and cost coefficient when the cooperative development coefficient is small. On the contrary, it decreases when the cooperative development coefficient is large.
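Key words
information security economics / information security investment / investment strategy / game theory
Classification
Information technology and security science
Cite this article
PAN Chongxia, ZHONG Weijun, MEI Shu'e. Investment strategy analysis of information system security in consideration of attackers[J]. Journal of Southeast University (English Edition), 2017, 33(3): 377-381, 5.
Funding
The National Natural Science Foundation of China (No.71371050).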