{"title":"Research on the Information Security Investment Strategies Considering Budget Constraints and the Attacker's Preferences","authors":"Chongxia Pan","doi":"10.1145/3573834.3574573","DOIUrl":null,"url":null,"abstract":"Information security investment is the basis to ensure the stable operation of information systems. By adopting expected utility theory, the paper studies the influences of budget constraints, attacker preferences, attack types and other factors on firm information security investment strategies. The results show, under a certain budget constraint, when opportunistic attackers prefer to select attack targets from the system vulnerability and targeted attackers prefer to select attack targets from the value of information assets, the optimal information security investment of a firm has a minimum value and the minimum value increases with the security investment efficiency of defending against targeted attacks. When the network exposure is small, investment on defending against targeted attack decreases with the network exposure. When the network exposure is relatively large, security investment on defending against targeted attack increases with the network exposure, and security investment on defending against opportunistic attack decreases with the network exposure.","PeriodicalId":345434,"journal":{"name":"Proceedings of the 4th International Conference on Advanced Information Science and System","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-11-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 4th International Conference on Advanced Information Science and System","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3573834.3574573","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Research on the Information Security Investment Strategies Considering Budget Constraints and the Attacker's Preferences
Information security investment is the basis for ensuring the stable operation of information systems. Using expected utility theory, the paper studies the influence of budget constraints, attacker preferences, attack types and other factors on firms' information security investment strategies. The results show that, under a certain budget constraint, when opportunistic attackers prefer to select attack targets based on system vulnerability and targeted attackers prefer to select attack targets based on the value of information assets, the optimal information security investment of a firm has a minimum value, and this minimum value increases with the security investment efficiency of defending against targeted attacks. When the network exposure is small, investment in defending against targeted attacks decreases with the network exposure. When the network exposure is relatively large, security investment in defending against targeted attacks increases with the network exposure, and security investment in defending against opportunistic attacks decreases with the network exposure.