A Game-Theoretic Formulation of Security Investment Decisions under Ex-ante Regulation

Abstract: Data breaches represent a major source of worry (and economic losses) for customers and service providers. We introduce a data breach model that recognizes that breaches can take place on the customer’s premises as well as on the service provider’s side, but the customer bears the economic loss. In order to induce the service provider to invest in security, a regulatory policy that apportions the monetary loss between the customer and the service provider is introduced. A game-theoretic formulation is given for the strategic interaction between the customer and the service provider, where the former sets the amount of personal information it releases and the latter decides how much to invest in security. The game’s outcome shows that shifting the burden of the monetary loss due to data breaches towards the service provider spurs its investment in security (though up to moderate levels) and leads the customer to be more confident, but the apportionment must not be too unbalanced for a Nash equilibrium to exist. On the other hand, changes in the probability of data breach on both sides do not significantly affect the service provider’s behaviour, but have heavy consequences for the customer’s confidence.
Document type:
Conference paper
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.412-423, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_34〉

Cited literature [9 references]

https://hal.inria.fr/hal-01518258
Contributor: Hal Ifip
Submitted on: Thursday, May 4, 2017 - 13:45:54
Last modified on: Thursday, May 4, 2017 - 14:53:52
Document(s) archived on: Saturday, August 5, 2017 - 13:27:45

File

978-3-642-30436-1_34_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Giuseppe D’acquisto, Marta Flamini, Maurizio Naldi. A Game-Theoretic Formulation of Security Investment Decisions under Ex-ante Regulation. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.412-423, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_34〉. 〈hal-01518258〉

Metrics

Record views

154

File downloads

20