考虑相互依赖性的信息系统安全投资及协调机制

doi:10.12005/orms.2015.0205

运筹与管理 ›› 2015, Vol. 24 ›› Issue (6): 136-142.DOI: 10.12005/orms.2015.0205

考虑相互依赖性的信息系统安全投资及协调机制

顾建强, 梅姝娥, 仲伟俊

东南大学经济管理学院,江苏南京 211189

收稿日期:2013-12-12 出版日期:2015-12-25
作者简介:顾建强(1979-),男,江苏泰州人,博士研究生,研究方向:信息系统安全投资策略及风险管理;梅姝娥(1968-),女,江苏南通人,博士生导师,教授,研究方向:信息安全经济学,决策理论;仲伟俊(1962-),男,江苏南通人,博士生导师,教授,研究方向:信息管理与信息系统。
基金资助:
国家自然科学基金资助项目(71071033)

Dynamic Coordination Mechanism of Information System Security Investment Based on Interdependent Security

GU Jian-qiang, MEI Shu-e, ZHONG Wei-jun

School of Economics and Management, Southeast University, Nanjing 211189, China

Received:2013-12-12 Online:2015-12-25

摘要/Abstract

摘要： 考虑信息系统安全相互依赖情形下最优化信息系统连续时间安全投资水平是一个值得研究的问题。首先讨论了非合作博弈下信息系统安全投资的最优策略选择,在此基础上讨论了安全投资效率参数、黑客学习能力、传染风险对信息系统脆弱性及信息系统安全投资率的影响。其次,在推导出两企业在合作博弈情形下最优策略选择的基础上,对比两种情形下的博弈均衡结果,得出合作博弈下的投资水平高于非合作博弈下的投资水平。原因是两个企业的相互依赖关系隐含着企业投资的负外部性,从而导致企业投资不足。最后,构建一种双边支付激励机制消除企业投资不足问题,从而使企业达到合作博弈下的最优投资水平,提高两个企业的收益。

关键词: 信息系统安全投资, 合作协调, 微分博弈, 相互依赖的安全

Abstract: Optimizing continuous time information system security investment decisions of firms in the case of interdependent security is worthing studying. First, we employ the methodology of differential games to investigate two firms’ optimal investment strategies in the Nash non-cooperative game. In this general non-cooperative information system security investment game situation,the influence on the equilibrium vulnerability (security investment rate)is studied when three important elements(investment efficiency parameter,hackers’ learning effect, pidemic risk)are changed .Then the optimal action selection of two partners in the cooperative game situation is analyzed. After comparing these two game equilibrium results,it is found that symmetric firms maintain a higher rate of security investment under cooperative situation. The application of executing a bilateral compensation scheme is one of the measures to achieve the equilibrium which under coordination.

Key words: information system security investment, coordination, differential game, interdependent secuurity

中图分类号:

TP309

顾建强, 梅姝娥, 仲伟俊. 考虑相互依赖性的信息系统安全投资及协调机制[J]. 运筹与管理, 2015, 24(6): 136-142.

GU Jian-qiang, MEI Shu-e, ZHONG Wei-jun. Dynamic Coordination Mechanism of Information System Security Investment Based on Interdependent Security[J]. Operations Research and Management Science, 2015, 24(6): 136-142.

参考文献

[1] Mukhopadhyay T, Kekre S, Kalathur S.Business value of information technology: a study of electronic data interchange[J]. MIS Q, 1995, 19(2): 137-155.
[2] Gordon L A, Loeb M P,Lucyshyn W, Sharing information on computer system security: an economic analysis[J]. Journal of Accounting and Public Policy, 2003, 22(9): 461-485.
[3] 吕俊杰,邱菀华,王元卓.基于相互依赖性的信息安全投资博弈[J].中国管理科学,2006,14(3):7-12.
[4] Hausken K. Income, interdependence, and substitution effects affecting incentives for security investment[J]. Journal of Account Public Policy, 2006, 25(6): 629-665.
[5] Kunreuther H, Heal G. Interdependent security[J]. Journal of Risk and Uncertainty, 2003, 26(2), 231-249.
[6] Garcia A, Horowitz B. The potential for underinvestment in internet security: implications for regulatory policy[J]. Journal of Regulatory Economics, 2007, 31(1): 37-55.
[7] Zhuang J, Bier V M, Gupta A. Subsidies in interdependent security with heterogeneous discount rates[J]. The Engineering Economist, 2007, 52(1): 1-19.
[8] Zhuang J. Impacts of subsidized security on stability and total social costs of equilibrium solutions in an n-player game with errors[J]. The Engineering Economist, 2010, 55(2): 131-149.
[9] Bandyopadhyay T, Jacob V, Raghunathan S. Information security in networked supply chains: impact of network vulnerability and supply chain integration on incentives to invest[J]. Information Technology and Management, 2010, 11(1): 7-23.
[10] Hausken K. Information sharing among firms and cyber attacks[J]. Journal of Accounting and Public Policy, 2007, 26(6): 639-688.
[11] Mookerjee V, Mookerjee R, Bensoussan A, Yue W T. When hackers talk: managing information security under variable attack rates and knowledge dissemination[J]. Information Systems Research, 2011, 22(3): 606-623.
[12] Png I P L, Wang Q. Information security: user precautions vis-à-vis enforcement against attackers[J]. Journal of Management Information Systems, 2009, 26(2): 97-122.
[13] Cremonini M, Nizovtsev D. Risks and benefits of signaling information system characteristics to strategic attackers[J]. Journal of Management Information Systems, 2009, 26(3): 241-274.

[1]	徐琪, 吴翠, 陈啟. 共享平台下供应链闲置资源动态优化配置策略[J]. 运筹与管理, 2021, 30(9): 86-92.
[2]	李小燕, 李锋. 竞争环境下基于双重微分博弈的低碳供应链动态优化与协调[J]. 运筹与管理, 2021, 30(7): 89-94.
[3]	马德青, 胡劲松. 考虑延迟现象的质量改进投入和营销努力动态协同策略[J]. 运筹与管理, 2021, 30(6): 181-190.
[4]	李保勇, 马德青, 戴更新, 胡劲松. 考虑参考质量效应的“农超对接”供应链动态质量改进策略[J]. 运筹与管理, 2021, 30(5): 52-59.
[5]	易永锡, 程粟粟, 傅春燕. 一个关于跨界污染控制的清洁技术创新微分博弈模型[J]. 运筹与管理, 2021, 30(2): 25-30.
[6]	王威昊, 胡劲松. 线上结合线下的供应链动态服务与定价决策研究[J]. 运筹与管理, 2021, 30(12): 84-91.
[7]	樊自甫, 程姣姣. 基于微分博弈的数据开放策略及合作收益分配机制研究[J]. 运筹与管理, 2021, 30(12): 100-107.
[8]	马永红, 刘海礁, 柳清. 产业集群协同创新知识共享策略的微分博弈研究[J]. 运筹与管理, 2020, 29(9): 82-88.
[9]	徐春秋, 王芹鹏. 考虑政府参与方式的供应链低碳商誉微分博弈模型[J]. 运筹与管理, 2020, 29(8): 35-44.
[10]	鲁馨蔓, 李艳霞, 王君, 余思勤. 云服务供应链技术创新与动态定价的微分博弈分析[J]. 运筹与管理, 2020, 29(6): 49-57.
[11]	关志民, 曲优, 赵莹. 考虑决策者失望规避的供应链协同绿色创新动态优化与协调研究[J]. 运筹与管理, 2020, 29(5): 96-107.
[12]	刘伟, 丁凯文. 考虑声誉效应的网络众包参与者行为博弈模型及仿真分析[J]. 运筹与管理, 2020, 29(5): 181-188.
[13]	王道平, 王婷婷. 政府奖惩下供应链合作减排与低碳宣传的动态优化[J]. 运筹与管理, 2020, 29(4): 113-120.
[14]	姜跃, 韩水华, 赵洋. 低碳经济下三级供应链动态减排的微分博弈分析[J]. 运筹与管理, 2020, 29(12): 89-97.
[15]	王道平,王婷婷,张博卿. 政府补贴下供应链合作减排的微分博弈[J]. 运筹与管理, 2019, 28(5): 46-55.

考虑相互依赖性的信息系统安全投资及协调机制

Dynamic Coordination Mechanism of Information System Security Investment Based on Interdependent Security

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics