TY - JOUR
T1 - Resilience in Information Stewardship
AU - Ioannidis, Christos
AU - Pym, David
AU - Williams, Julian
AU - Gheyas, Iffat
PY - 2019/4/16
Y1 - 2019/4/16
N2 - Information security is concerned with protecting the confidentiality, integrity, and availability of information systems. System managers deploy their resources with the aim of maintaining target levels of these attributes in the presence of reactive threats. Information stewardship is the challenge of maintaining the sustainability and resilience of the security attributes of (complex, interconnected, multi-agent) information ecosystems. In this paper, we present, in the tradition of public economics, a model of stewardship which addresses directly the question of resilience. We model attacker-target-steward behaviour in a fully endogenous Nash equilibrium setting. We analyse the occurrence of externalities across targets and assess the steward's ability to internalise these externalities under varying informational assumptions. We apply and simulate this model in the case of a critical national infrastructure example.
AB - Information security is concerned with protecting the confidentiality, integrity, and availability of information systems. System managers deploy their resources with the aim of maintaining target levels of these attributes in the presence of reactive threats. Information stewardship is the challenge of maintaining the sustainability and resilience of the security attributes of (complex, interconnected, multi-agent) information ecosystems. In this paper, we present, in the tradition of public economics, a model of stewardship which addresses directly the question of resilience. We model attacker-target-steward behaviour in a fully endogenous Nash equilibrium setting. We analyse the occurrence of externalities across targets and assess the steward's ability to internalise these externalities under varying informational assumptions. We apply and simulate this model in the case of a critical national infrastructure example.
KW - Information Security
KW - Regulation
KW - Strategic Behaviour
KW - System Resilience
UR - http://www.scopus.com/inward/record.url?scp=85057432537&partnerID=8YFLogxK
U2 - 10.1016/j.ejor.2018.10.020
DO - 10.1016/j.ejor.2018.10.020
M3 - Article
AN - SCOPUS:85057432537
VL - 274
SP - 638
EP - 653
JO - European Journal of Operational Research
JF - European Journal of Operational Research
SN - 0377-2217
IS - 2
ER -