221,583 research outputs found
The Economic Incentives for Sharing Security Information
Given that Information Technology (IT) security has emerged as an important issue in the last few years, the subject of security information sharing among firms, as a tool to minimize security breaches, has gained the interest of practitioners and academics. To promote the disclosure and sharing of cyber-security information among firms, the US federal government has encouraged the establishment of many industry based Information Sharing & Analysis Centers (ISACs) under Presidential Decision Directive 63. Sharing security vulnerabilities and technological solutions related to methods for preventing, detecting and correcting security breaches, is the fundamental goal of the ISACs. However, there are a number of interesting economic issues that will affect the achievement of this goal. Using game theory, we develop an analytical framework to investigate the competitive implications of sharing security information and investments in security technologies. We find that security technology investments and security information sharing act as ``strategic complements'' in equilibrium. Our results suggest that information sharing is more valuable when product substitutability is higher, implying that such sharing alliances yield greater benefits in more competitive industries. We also highlight that the benefits from such information sharing alliances increase with the size of the firm. We compare the levels of information sharing and technology investments obtained when firms behave independently (Bertrand-Nash) to those selected by an ISAC which maximizes social welfare or joint industry profits. Our results help us predict the consequences of establishing organizations such as ISACs, CERT or InfraGard by the federal government.Technology Investment, Information Sharing, Security Breaches, Externality Benefit, Spillover Effect, Social Welfare
The Economic Incentives for Sharing Security Information
Given that information technology (IT) security has emerged as an important issue in the last few years, the
subject of security information sharing among firms, as a tool to minimize security breaches, has gained
the interest of practitioners and academics. To promote the disclosure and sharing of cyber security information
among firms, the U.S. federal government has encouraged the establishment of many industry-based Information
Sharing and Analysis Centers (ISACs) under Presidential Decision Directive (PDD) 63. Sharing security
vulnerabilities and technological solutions related to methods for preventing, detecting, and correcting security
breaches is the fundamental goal of the ISACs. However, there are a number of interesting economic issues that
will affect the achievement of this goal. Using game theory, we develop an analytical framework to investigate
the competitive implications of sharing security information and investments in security technologies. We find
that security technology investments and security information sharing act as âstrategic complementsâ in equilibrium.
Our results suggest that information sharing is more valuable when product substitutability is higher,
implying that such sharing alliances yield greater benefits in more competitive industries. We also highlight that
the benefits from such information-sharing alliances increase with the size of the firm. We compare the levels of
information sharing and technology investments obtained when firms behave independently (Bertrand-Nash) to
those selected by an ISAC, which maximizes social welfare or joint industry profits. Our results help us predict
the consequences of establishing organizations such as ISACs, Computer Emergency Response Team (CERT),
or InfraGard by the federal government.NYU, Stern School of Business, IOMS Department, Center for Digital Economy Researc
TRIDEnT: Building Decentralized Incentives for Collaborative Security
Sophisticated mass attacks, especially when exploiting zero-day
vulnerabilities, have the potential to cause destructive damage to
organizations and critical infrastructure. To timely detect and contain such
attacks, collaboration among the defenders is critical. By correlating
real-time detection information (alerts) from multiple sources (collaborative
intrusion detection), defenders can detect attacks and take the appropriate
defensive measures in time. However, although the technical tools to facilitate
collaboration exist, real-world adoption of such collaborative security
mechanisms is still underwhelming. This is largely due to a lack of trust and
participation incentives for companies and organizations. This paper proposes
TRIDEnT, a novel collaborative platform that aims to enable and incentivize
parties to exchange network alert data, thus increasing their overall detection
capabilities. TRIDEnT allows parties that may be in a competitive relationship,
to selectively advertise, sell and acquire security alerts in the form of
(near) real-time peer-to-peer streams. To validate the basic principles behind
TRIDEnT, we present an intuitive game-theoretic model of alert sharing, that is
of independent interest, and show that collaboration is bound to take place
infinitely often. Furthermore, to demonstrate the feasibility of our approach,
we instantiate our design in a decentralized manner using Ethereum smart
contracts and provide a fully functional prototype.Comment: 28 page
Back to the Future: A Century of Compensation
What were the hot compensation issues and practices over the past century? Does history offer any lessons that may inform our compensation decisions in the future? To answer these questions, we reviewed newspapers and business publications from the past 100 years. To highlight changes in compensation systems during that time, we selected four topics to examine in detail in this paper: compensation\u27s role in the changing nature of the deal; the evolution of pay-for-performance; the emergence of benefits; and the bellwethers of compensation systems.
Four lessons for the future are drawn. These include: End the search for the one right compensation strategy; Understand what in the context matters; Continue pragmatic experimentation, and Support continuous learning about compensation. Readers are invited to delve into the history of compensation to discover what they take away for the future
Confronting objections to performance pay: A study of the impact of individual and gain-sharing incentives on the job satisfaction of British employees
The increasing interest in incentive pay schemes in recent years has raised concerns regarding their potential damaging effect on intrinsic job satisfaction, or the security of employment. This study explores the impact of both individual and gain-sharing incentives on the overall job satisfaction of workers in the UK, as well as their satisfaction with various facets of jobs, namely total pay, job security, and the actual work itself. Using data from six waves (1998-2003) of the British Household Panel Survey (BHPS), and after correcting for the sorting problem that arises, no significant difference in overall job utility is found between those receiving performance-related pay (PRP) and those on other methods of compensation. In addition, non-economic arguments that PRP crowds-out the intrinsic satisfaction of jobs are also not supported, as are popular concerns regarding the adverse impact of PRP schemes on job security. An important asymmetry in the manner in which individual and gain-sharing incentives affect the utility of employees is nonetheless unearthed, as the latter are consistently found to have a positive effect on employee well-being
- âŠ