Journal
JOURNAL OF MANAGEMENT INFORMATION SYSTEMS
Volume 26, Issue 3, Pages 241-274Publisher
ROUTLEDGE JOURNALS, TAYLOR & FRANCIS LTD
DOI: 10.2753/MIS0742-1222260308
Keywords
cost-benefit analysis; crime deterrence; games of complete and incomplete information; information security; information warfare; interdependent strategies; signaling
Ask authors/readers for more resources
The paper uses a game-theoretic setting to examine the interaction between strategic attackers who try to gain unauthorized access to information systems, or targets, and defenders of those targets. Our analysis of the attacker-defender interaction shows that well-protected targets can use signals of their superior level of protection as a deterrence tool. This is due to the fact that, all other things being equal, rational attackers motivated by potential financial gains tend to direct their effort toward less-protected targets. We analyze several scenarios differing in the scope of publicly available information about target parameters and discuss conditions under which greater defenders' ability to signal their security characteristics may improve their welfare. Our results may assist security researchers in devising better defense strategies through the use of deterrence and provide new insight about the efficacy of specific security practices in complex information security environments.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available