基于相互依赖性的信息安全投资博弈

中国管理科学 ›› 2006, Vol. ›› Issue (3): 7-12.

基于相互依赖性的信息安全投资博弈

吕俊杰¹, 邱菀华¹, 王元卓²

1. 北京航空航天大学经济管理学院, 北京, 100083;
2. 北京科技大学信息工程学院, 北京, 100083

收稿日期:2005-06-30 修回日期:2006-03-23 出版日期:2006-06-28 发布日期:2012-03-07
基金资助:
国家自然科学基金项目(70372011);国家信息安全战略研究与标准制定工作专项项目(TC260-WG1-2005-Y010)

An Analysis of Games of Information Security Investment Based on Interdependent Security

Lü Jun-jie¹, QIU Wan-hua¹, WANG Yuan-zhuo²

1. School of Economics and Management, Beihang University, Beijing 100083, China;
2. Information Engineering School, Beijing University of Science and Technology, Beijing 100083, China

Received:2005-06-30 Revised:2006-03-23 Online:2006-06-28 Published:2012-03-07

摘要/Abstract

摘要： 相互依赖性是现阶段信息安全风险所具备的一个重要特征,网络中企业的信息安全决策会相互影响.本文以企业间的病毒传染为例,依据相互依赖性和威胁侵入类型的多样性,提出了企业间信息安全的投资博弈模型.通过外部性对企业间的依赖程度进行度量,说明了投资风险与企业间的病毒传染的概率和网络中企业数量之间的关系,并根据该关系,确定了多个企业进行信息安全投资的纳什均衡解.

关键词: 信息安全, 相互依赖性, 单次侵入, 多次侵入, 外部性

Abstract: Based on the interdependence,which is an important characteristic of information security and the diversity of invasions,an investment game model is presented in this paper.The paper investigates the investment risk exerted by the contagion between firms in the network.With externality representing the risk,the relationship between investment risks and the interdependent extension and the amount of firms in the network is illustrated.By use of the model,the investment risk and decision are analyzed quantitatively and then several Nash equilibrium solutions are provided further.

Key words: information security, interdependence, single invasion, repetitious invasion, externality

中图分类号:

TP309

吕俊杰, 邱菀华, 王元卓. 基于相互依赖性的信息安全投资博弈[J]. 中国管理科学, 2006, (3): 7-12.

Lü Jun-jie, QIU Wan-hua, WANG Yuan-zhuo. An Analysis of Games of Information Security Investment Based on Interdependent Security[J]. Chinese Journal of Management Science, 2006, (3): 7-12.

参考文献

[1] Information technology-Guidelines for the management of IT Security: ISO/IEC TR 13335[S].
[2] AS/NZS4360: 1999 Risk Manag ement Standard[S].
[3] ISO/IEC 17799 Information security management-part 1: Code of practice for information security management[S].
[4] 刘彤. 构造复杂信息系统安全基线的研究[J]. 中国管理科学, 2000, 11: 636-644
[5] Enders,W. and Sandler, T. Transnational terrorism 1968-2000: Thresholds, persistence, and forecasts [J]. Southern Economic Journal, 2005,(1): 467-483
[6] Sandler, T., Arce M.Pure public goods versus commons:Benefit-cost duality [J]. Land Economics, 2003, 79(3):355-368
[7] Sandler, T., Lapan, H.E.The calculus of dissent: An analysis of terrorists. choice of targets[J]. Synthese, 1988, 76(2): 245-261.
[8] Orszag, Peter, Stiglitz, et al. Optimal Fire Departments: Evaluating Public Policy in the Face of Externalities [C].Brookings Working Paper, 2002, January.
[9] Kunreuther, Howard, Onculer, et al. Time Insensitivity for Protective Measures[J]. Journal of Risk and Uncertainty,1998, 16: 279-299.
[10] Heal, Geoffrey, Kunreuther, et al. You Only Die Once: The General Case of Interdependent Security [C]. Wharton Risk Management and Decision Processes Center Working Paper Philadelphia: University of Pennsy lvania, 2002.
[11] Kunreuther, Howard, Heal, et al. Interdependent Security:The Case of Identical Agents[C]. National Bureau of Economic Research Working Paper Cambridge, MA: National Bureau of Economic Research, 2002.
[12] Kunreuther, Howard, Heal, et al. A Firm Can Only Go Bankrupt Once[C]. Wharton Risk Manag ement and Dec-ision Processes Center Wor king Paper Philadelphia: University of Pennsylvania, 2002.
[13] Kunreuther, Howard, Geoffr ey, et al. Interdependent Security[J]. Journal of Risk and Uncertainty, 2003, 26(2/3):231-249.
[14] Anderson, Ross.Why Information Security is Hard-an Economic Perspective[R]. Working Paper, Computer Laboratory, Cambridge, 2001.
[15] Baron, Jonathan, Howard, et al.Determinants of priority for risk reduction: the role of worry [J]. Risk Analysis,2000, 20: 413-427.
[16] Ayres, Ian and Steven Levitt.Measuring the Positive Externalities from Unobservable Victim Precaution: An Empirical Analysis of Lojack [J]. Quarterly Journal of Economics,1998, 113: 43-77.
[17] McClelland, G. and Schulze, W. and Coursey, D.I nsurance for Low-Probability Hazar d: A Bimodal Response to Unlikely Events[J]. Journal of Risk and Uncertainty, 1993, 7:95-116.
[18] Crawford, Vincent, Hans, et al. Learning How to Cooperate:Optimal Play in Repeated Coordination Games[J]. Econometrica,1990, 58(5): Issue 3571-595.