Modelging IT Security Investment in Target Group of Similar Firms: A Control Theoretic Approach

Criminal-hacker nexus leads to a 2 step target selection process, which begins with a short list of firms with similar information assets from which the hacker finally picks up that firm which has the weakest defense. This translates into a scenario where firms with similar information assets engage in a veiled race so as not to appear as the soft target in the focus group. In this work we propose a duopolistic model and utilize a differential game framework to analyze the IT security investment decisions of two firms who find themselves in such a short list of hacking targets and must compete dynamically on their IT security investments to reduce the risk of being breached. We provide the steady state (singular region) analysis of the differential game for two firms with symmetric and asymmetric parameters. Our model exhibits that hacker learning and firms’ security investment efficiency have opposite effects on the two equilibrium outcomes of interest, namely, the security level and the security investment ate. As hacker learning improves (security investment efficiency increases), the security levels and security investment rate of the two firms move apart (closer)

ACUTA Journal of Telecommunications in Higher Education

In This Issue System Security policy: What lt ts and Why Every Campus Needs One Mlzzou lntegrates Firewall and VPN Technology for Added Security College-Based programs Boost Computer Security Privacy on Today\u27s Electronic Campus Current Trends in lnformation Security at UW-Madison Watching the Network Cybercrime: Are you Ready? Columns Book Review Bill D. Morris Awar