{"title":"A comparison of sanctioning approaches for security breaches","authors":"M. Naldi, M. Flamini, G. D'Acquisto","doi":"10.1109/FGCT.2013.6767202","DOIUrl":null,"url":null,"abstract":"Though data breaches causing heavy monetary losses to customers could be reduced by investing more in security, service providers holding customers' personal data often do not feel enough pressure to heighten their security level. A sanctioning approach, holding the service provider liable for monetary losses resulting from data breaches, may provide the spur to increase security investments. In this paper, we review and compare two approaches to determine sanctions for the service providers, where the sanction is proportional respectively to the expected damage suffered by the customer and to the product of that damage and the service providers' revenues. The comparison is conducted by examining the game modelling the interaction between the customer and the service provider. In a typical scenario, the approach based on the service provider's revenues leads to larger security investments (for any degree of exposure of the customer) and to a stronger reduction of the data breach probability.","PeriodicalId":200083,"journal":{"name":"Second International Conference on Future Generation Communication Technologies (FGCT 2013)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Second International Conference on Future Generation Communication Technologies (FGCT 2013)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FGCT.2013.6767202","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A comparison of sanctioning approaches for security breaches
Though data breaches causing heavy monetary losses to customers could be reduced by investing more in security, service providers holding customers' personal data often do not feel enough pressure to heighten their security level. A sanctioning approach, holding the service provider liable for monetary losses resulting from data breaches, may provide the spur to increase security investments. In this paper, we review and compare two approaches to determine sanctions for the service providers, where the sanction is proportional respectively to the expected damage suffered by the customer and to the product of that damage and the service providers' revenues. The comparison is conducted by examining the game modelling the interaction between the customer and the service provider. In a typical scenario, the approach based on the service provider's revenues leads to larger security investments (for any degree of exposure of the customer) and to a stronger reduction of the data breach probability.