6 research outputs found
Pricing and Investments in Internet Security: A Cyber-Insurance Perspective
Internet users such as individuals and organizations are subject to different
types of epidemic risks such as worms, viruses, spams, and botnets. To reduce
the probability of risk, an Internet user generally invests in traditional
security mechanisms like anti-virus and anti-spam software, sometimes also
known as self-defense mechanisms. However, such software does not completely
eliminate risk. Recent works have considered the problem of residual risk
elimination by proposing the idea of cyber-insurance. In this regard, an
important research problem is the analysis of optimal user self-defense
investments and cyber-insurance contracts under the Internet environment. In
this paper, we investigate two problems and their relationship: 1) analyzing
optimal self-defense investments in the Internet, under optimal cyber-insurance
coverage, where optimality is an insurer objective and 2) designing optimal
cyber-insurance contracts for Internet users, where a contract is a (premium,
coverage) pair
A Survey of Interdependent Information Security Games
Risks faced by information system operators and users are not only determined by their own security posture, but are also heavily affected by the security-related decisions of others. This interdependence between information system operators and users is a fundamental property that shapes the efficiency of security defense solutions. Game theory is the most appropriate method to model the strategic interactions between these participants. In this survey, we summarize game-theoretic interdependence models, characterize the emerging security inefficiencies, and present mechanisms to improve the security decisions of the participants. We focus our attention on games with interdependent defenders and do not discuss two-player attackerdefender games. Our goal is to distill the main insights from the state-of-the-art and to identify the areas that need more attention from the research community