5 research outputs found
Resilience in Information Stewardship
Information security is concerned with protecting the confidentiality, integrity, and availability of information systems. System managers deploy their resources with the aim of maintaining target levels of these attributes in the presence of reactive threats. Information stewardship is the challenge of maintaining the sustainability and resilience of the security attributes of (complex, interconnected, multi-agent) information ecosystems. In this paper, we present, in the tradition of public economics, a model of stewardship which addresses directly the question of resilience. We model attacker-target-steward behaviour in a fully endogenous Nash equilibrium setting. We analyse the occurrence of externalities across targets and assess the steward's ability to internalize these externalities under varying informational assumptions. We apply and simulate this model in the case of a critical national infrastructure example.
Is public co-ordination of investment in information security desirable?
This paper provides for the presentation, in an integrated manner, of a sequence of results addressing the consequences of the presence of an information steward in an ecosystem under attack and establishes the appropriate defensive investment responses, thus allowing for a cohesive understanding of the nature of the information steward in a variety of attack contexts. We determine the level of investment in information security and attacking intensity when agents react in a non-coordinated manner and compare them to the case of the system's coordinated response undertaken under the guidance of a steward. We show that only in the most well-designed institutional set-up does the presence of the well-informed steward provide for an increase of the system's resilience to attacks. In the case in which both the information available to the steward and its policy instruments are curtailed, coordinated policy responses yield no additional benefits to individual agents and in some cases they actually compare unfavourably to atomistic responses. The system's sustainability does improve in the presence of a steward, which deters attackers and reduces the numbers and intensity of attacks. In most cases, the resulting investment expenditure undertaken by the agents in the ecosystem exceeds its Pareto efficient magnitude.
Resilience in Information Stewardship
Information security is concerned with protecting the confidentiality, integrity, and availability of information systems. System managers deploy their resources with the aim of maintaining target levels of these attributes in the presence of reactive threats. Information stewardship is the challenge of maintaining the sustainability and resilience of the security attributes of (complex, interconnected, multi-agent) information ecosystems. In this paper, we present, in the tradition of public economics, a model of stewardship which addresses directly the question of resilience. We model attacker-target-steward behaviour in a fully endogenous Nash equilibrium setting. We analyse the occurrence of externalities across targets and assess the steward's ability to internalise these externalities under varying informational assumptions. We apply and simulate this model in the case of a critical national infrastructure example.