Is public co-ordination of investment in information security desirable?

Christos Ioannidis, David Pym, Julian Williams

Research output: Contribution to journalArticlepeer-review

Abstract

This paper provides for the presentation, in an integrated manner, of a sequence of results addressing the consequences of the presence of an information steward in an ecosystem under attack and establishes the appropriate defensive investment responses, thus allowing for a cohesive understanding of the nature of the information steward in a variety of attack contexts. We determine the level of investment in information security and attacking intensity when agents react in a non-coordinated manner and compare them to the case of the system’s coordinated response undertaken under the guidance of a steward. We show that only in the most well-designed institutional set-up the presence of the well-informed steward provides for an increase of the system’s resilience to attacks. In the case in which both the information available to the steward and its policy instruments are curtailed, coordinated policy responses yield no additional benefits to individual agents and in some case they actually compared unfavourably to atomistic responses. The system’s sustainability does improve in the presence of a steward, which deters attackers and reduces the numbers and intensity of attacks. In most cases, the resulting investment expenditure undertaken by the agents in the ecosystem exceeds its Pareto efficient magnitude.
Original languageEnglish
Pages (from-to)60-80
Number of pages21
JournalJournal of Information Security
Volume7
DOIs
Publication statusPublished - 30 Mar 2016

Bibliographical note

Copyright © 2016 by authors and Scientific Research Publishing Inc. This work is licensed under the Creative Commons Attribution International License (CC BY). http://creativecommons.org/licenses/by/4.0/

Keywords

  • information security
  • information stewardship
  • investment
  • public co-ordination

Fingerprint

Dive into the research topics of 'Is public co-ordination of investment in information security desirable?'. Together they form a unique fingerprint.

Cite this