Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment

Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment

Firms have been increasing their information technology (IT) security budgets significantly to deal with increased security threats. An examination of current practices reveals that managers view security investment as any other and use traditional decision-theoretic risk management techniques to de...

Ausführliche Beschreibung

Bibliographische Detailangaben
Veröffentlicht in:Journal of Management Information Systems. - Taylor & Francis, Ltd.. - 25(2008), 2, Seite 281-304
1. Verfasser: Cavusoglu, Huseyin (VerfasserIn)
Weitere Verfasser: Raghunathan, Srinivasan, Yue, Wei T.
Format: Online-Aufsatz
Sprache:English
Veröffentlicht: 2008
Zugriff auf das übergeordnete Werk:Journal of Management Information Systems
Schlagworte:decision theory game theory IT security investments Mathematics Behavioral sciences Economics Applied sciences
LEADER 01000caa a22002652 4500
001 JST049747282
003 DE-627
005 20240621171123.0
007 cr uuu---uuuuu
008 150324s2008 xx |||||o 00| ||eng c
035 |a (DE-627)JST049747282 
035 |a (JST)40398724 
040 |a DE-627  |b ger  |c DE-627  |e rakwb 
041 |a eng 
100 1 |a Cavusoglu, Huseyin  |e verfasserin  |4 aut 
245 1 0 |a Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment 
264 1 |c 2008 
336 |a Text  |b txt  |2 rdacontent 
337 |a Computermedien  |b c  |2 rdamedia 
338 |a Online-Ressource  |b cr  |2 rdacarrier 
520 |a Firms have been increasing their information technology (IT) security budgets significantly to deal with increased security threats. An examination of current practices reveals that managers view security investment as any other and use traditional decision-theoretic risk management techniques to determine security investments. We argue in this paper that this method is incomplete because of thè problem's strategie nature—hackers alter their hacking strategies in response to a firm's investment stratégies. We propose game theory for determining IT security investment levels and compare game theory and decision theory approaches on several dimensions such as the investment levels, vulnerability, and payoff from investments. We show that the sequential game results in the maximum payoff to the firm, but requires that the firm move first before the hacker. Even if a simultaneous game is played, the firm enjoys a higher payoff than that in the décision theory approach, except when the firm's estimate of the hacker effort in the decision theory approach is sufficiently close to the actual hacker effort. We also show that if the firm learns from prior observations of hacker effort and uses thèse to estimate future hacker effort in the decision theory approach, then thè gap between the results of decision theory and game theory approaches diminishes over time. The rate of convergence and the extent of loss the firm suffers before convergence depend on the learning model employed by the firm to estimate hacker effort. 
540 |a Copyright 2008 M.E. Sharpe, Inc. 
650 4 |a decision theory 
650 4 |a game theory 
650 4 |a IT security investments 
650 4 |a Mathematics  |x Applied mathematics  |x Game theory 
650 4 |a Behavioral sciences  |x Psychology  |x Cognitive psychology  |x Decision theory 
650 4 |a Economics  |x Economic disciplines  |x Financial economics  |x Finance  |x Financial investments  |x Investment strategies 
650 4 |a Economics  |x Economic disciplines  |x Financial economics  |x Finance  |x Financial investments  |x Investment analysis  |x Investment decisions 
650 4 |a Economics  |x Economic disciplines  |x Financial economics  |x Finance  |x Financial instruments  |x Financial securities 
650 4 |a Economics  |x Economic disciplines  |x Financial economics  |x Finance  |x Financial investments  |x Investment returns  |x Investment return rates  |x Return on investment 
650 4 |a Mathematics  |x Applied mathematics  |x Game theory  |x Game theory games  |x Economic games  |x Sequential game 
650 4 |a Applied sciences  |x Computer science  |x Computer engineering  |x Computer technology  |x Information technology 
650 4 |a Economics  |x Economic disciplines  |x Financial economics  |x Finance  |x Financial management  |x Financial risk  |x Investment risk 
650 4 |a Economics  |x Economic disciplines  |x Financial economics  |x Finance  |x Financial instruments  |x Financial securities  |x Securities management 
650 4 |a Mathematics  |x Applied mathematics  |x Game theory 
650 4 |a Behavioral sciences  |x Psychology  |x Cognitive psychology  |x Decision theory 
650 4 |a Economics  |x Economic disciplines  |x Financial economics  |x Finance  |x Financial investments  |x Investment strategies 
650 4 |a Economics  |x Economic disciplines  |x Financial economics  |x Finance  |x Financial investments  |x Investment analysis  |x Investment decisions 
650 4 |a Economics  |x Economic disciplines  |x Financial economics  |x Finance  |x Financial instruments  |x Financial securities 
650 4 |a Economics  |x Economic disciplines  |x Financial economics  |x Finance  |x Financial investments  |x Investment returns  |x Investment return rates  |x Return on investment 
650 4 |a Mathematics  |x Applied mathematics  |x Game theory  |x Game theory games  |x Economic games  |x Sequential game 
650 4 |a Applied sciences  |x Computer science  |x Computer engineering  |x Computer technology  |x Information technology 
650 4 |a Economics  |x Economic disciplines  |x Financial economics  |x Finance  |x Financial management  |x Financial risk  |x Investment risk 
650 4 |a Economics  |x Economic disciplines  |x Financial economics  |x Finance  |x Financial instruments  |x Financial securities  |x Securities management 
655 4 |a research-article 
700 1 |a Raghunathan, Srinivasan  |e verfasserin  |4 aut 
700 1 |a Yue, Wei T.  |e verfasserin  |4 aut 
773 0 8 |i Enthalten in  |t Journal of Management Information Systems  |d Taylor & Francis, Ltd.  |g 25(2008), 2, Seite 281-304  |w (DE-627)32495817X  |w (DE-600)2033010-8  |x 1557928X  |7 nnns 
773 1 8 |g volume:25  |g year:2008  |g number:2  |g pages:281-304 
856 4 0 |u https://www.jstor.org/stable/40398724  |3 Volltext 
912 |a GBV_USEFLAG_A 
912 |a SYSFLAG_A 
912 |a GBV_JST 
912 |a GBV_ILN_11 
912 |a GBV_ILN_20 
912 |a GBV_ILN_22 
912 |a GBV_ILN_23 
912 |a GBV_ILN_24 
912 |a GBV_ILN_26 
912 |a GBV_ILN_31 
912 |a GBV_ILN_32 
912 |a GBV_ILN_39 
912 |a GBV_ILN_40 
912 |a GBV_ILN_60 
912 |a GBV_ILN_62 
912 |a GBV_ILN_63 
912 |a GBV_ILN_65 
912 |a GBV_ILN_69 
912 |a GBV_ILN_70 
912 |a GBV_ILN_90 
912 |a GBV_ILN_95 
912 |a GBV_ILN_100 
912 |a GBV_ILN_110 
912 |a GBV_ILN_120 
912 |a GBV_ILN_151 
912 |a GBV_ILN_152 
912 |a GBV_ILN_187 
912 |a GBV_ILN_224 
912 |a GBV_ILN_285 
912 |a GBV_ILN_370 
912 |a GBV_ILN_374 
912 |a GBV_ILN_647 
912 |a GBV_ILN_702 
912 |a GBV_ILN_2001 
912 |a GBV_ILN_2003 
912 |a GBV_ILN_2005 
912 |a GBV_ILN_2006 
912 |a GBV_ILN_2007 
912 |a GBV_ILN_2009 
912 |a GBV_ILN_2010 
912 |a GBV_ILN_2011 
912 |a GBV_ILN_2014 
912 |a GBV_ILN_2015 
912 |a GBV_ILN_2018 
912 |a GBV_ILN_2020 
912 |a GBV_ILN_2021 
912 |a GBV_ILN_2025 
912 |a GBV_ILN_2026 
912 |a GBV_ILN_2027 
912 |a GBV_ILN_2034 
912 |a GBV_ILN_2044 
912 |a GBV_ILN_2048 
912 |a GBV_ILN_2050 
912 |a GBV_ILN_2055 
912 |a GBV_ILN_2056 
912 |a GBV_ILN_2057 
912 |a GBV_ILN_2059 
912 |a GBV_ILN_2061 
912 |a GBV_ILN_2065 
912 |a GBV_ILN_2068 
912 |a GBV_ILN_2088 
912 |a GBV_ILN_2093 
912 |a GBV_ILN_2106 
912 |a GBV_ILN_2107 
912 |a GBV_ILN_2108 
912 |a GBV_ILN_2111 
912 |a GBV_ILN_2112 
912 |a GBV_ILN_2113 
912 |a GBV_ILN_2118 
912 |a GBV_ILN_2119 
912 |a GBV_ILN_2122 
912 |a GBV_ILN_2129 
912 |a GBV_ILN_2143 
912 |a GBV_ILN_2147 
912 |a GBV_ILN_2148 
912 |a GBV_ILN_2152 
912 |a GBV_ILN_2153 
912 |a GBV_ILN_2190 
912 |a GBV_ILN_2232 
912 |a GBV_ILN_2336 
912 |a GBV_ILN_2470 
912 |a GBV_ILN_2472 
912 |a GBV_ILN_2507 
912 |a GBV_ILN_2548 
912 |a GBV_ILN_2949 
912 |a GBV_ILN_2950 
912 |a GBV_ILN_4035 
912 |a GBV_ILN_4037 
912 |a GBV_ILN_4046 
912 |a GBV_ILN_4112 
912 |a GBV_ILN_4125 
912 |a GBV_ILN_4126 
912 |a GBV_ILN_4242 
912 |a GBV_ILN_4246 
912 |a GBV_ILN_4249 
912 |a GBV_ILN_4251 
912 |a GBV_ILN_4305 
912 |a GBV_ILN_4306 
912 |a GBV_ILN_4307 
912 |a GBV_ILN_4313 
912 |a GBV_ILN_4322 
912 |a GBV_ILN_4323 
912 |a GBV_ILN_4324 
912 |a GBV_ILN_4325 
912 |a GBV_ILN_4326 
912 |a GBV_ILN_4335 
912 |a GBV_ILN_4338 
912 |a GBV_ILN_4346 
912 |a GBV_ILN_4393 
912 |a GBV_ILN_4700 
951 |a AR 
952 |d 25  |j 2008  |e 2  |h 281-304