Abstract
Information risks have become a great challenge for individuals and organizations around the world. Managing information risks involves various tools and approaches, among which self-protection and cyber insurance are two important methods to control the residual risk and improve the security level. This paper analyzes companies’ investment strategies on self-protection and insurance respectively, and presents a company’s best choice in both the weakest-link case and the partial-correlation case. The results show that for most parameter settings a Nash equilibrium can be reached and that the companies’ strategies have an obvious impact on each other.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Pan, Bn., Xie, J. (2019). An Optimal Investment Strategy Against Information Security Risks. In: Huang, G., Chien, CF., Dou, R. (eds) Proceeding of the 24th International Conference on Industrial Engineering and Engineering Management 2018. Springer, Singapore. https://doi.org/10.1007/978-981-13-3402-3_28
DOI: https://doi.org/10.1007/978-981-13-3402-3_28
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-3401-6
Online ISBN: 978-981-13-3402-3
eBook Packages: Business and Management (R0)