JIS Vol.7 No.2, March 2016
Is Public Co-Ordination of Investment in Information Security Desirable?
Abstract: This paper presents, in an integrated manner, a sequence of results addressing the consequences of the presence of an information steward in an ecosystem under attack and establishes the appropriate defensive investment responses, thus allowing for a cohesive understanding of the nature of the information steward in a variety of attack contexts. We determine the level of investment in information security and the attacking intensity when agents react in a non-coordinated manner and compare them to the case of the system’s coordinated response undertaken under the guidance of a steward. We show that only in the most well-designed institutional set-up does the presence of the well-informed steward provide for an increase in the system’s resilience to attacks. In the case in which both the information available to the steward and its policy instruments are curtailed, coordinated policy responses yield no additional benefits to individual agents, and in some cases they actually compare unfavourably to atomistic responses. The system’s sustainability does improve in the presence of a steward, which deters attackers and reduces the number and intensity of attacks. In most cases, the resulting investment expenditure undertaken by the agents in the ecosystem exceeds its Pareto efficient magnitude.
Cite this paper: Ioannidis, C., Pym, D. and Williams, J. (2016) Is Public Co-Ordination of Investment in Information Security Desirable? Journal of Information Security, 7, 60-80. doi: 10.4236/jis.2016.72005.