Resilience in Information Stewardship

Christos Ioannidis, David Pym, Julian Williams, Iffat Gheyas

Research output: Contribution to journalArticle

Abstract

Information security is concerned with protecting the confidentiality, integrity, and availability of information systems. System managers deploy their resources with the aim of maintaining target levels of these attributes in the presence of reactive threats. Information stewardship is the challenge of maintaining the sustainability and resilience of the security attributes of (complex, interconnected, multi-agent) information ecosystems. In this paper, we present, in the tradition of public economics, a model of stewardship which addresses directly the question of resilience. We model attacker-target-steward behaviour in a fully endogenous Nash equilibrium setting. We analyse the occurrence of externalities across targets and assess the steward's ability to internalise these externalities under varying informational assumptions. We apply and simulate this model in the case of a critical national infrastructure example.

Original languageEnglish
Pages (from-to)638-653
Number of pages16
JournalEuropean Journal of Operational Research
Volume274
Issue number2
Early online date16 Oct 2018
DOIs
Publication statusPublished - 16 Apr 2019
Externally publishedYes

Fingerprint

Resilience
Externalities
Target
Attribute
Critical Infrastructure
Information Security
Confidentiality
Sustainability
Security of data
Ecosystem
Nash Equilibrium
Ecosystems
Integrity
Sustainable development
Information Systems
Information systems
Managers
Availability
Model
Economics

Cite this

Ioannidis, C., Pym, D., Williams, J., & Gheyas, I. (2019). Resilience in Information Stewardship. European Journal of Operational Research, 274(2), 638-653. https://doi.org/10.1016/j.ejor.2018.10.020
Ioannidis, Christos ; Pym, David ; Williams, Julian ; Gheyas, Iffat. / Resilience in Information Stewardship. In: European Journal of Operational Research. 2019 ; Vol. 274, No. 2. pp. 638-653.
@article{dbf0e887d4014a4c9bb114b9ed7b7002,
title = "Resilience in Information Stewardship",
abstract = "Information security is concerned with protecting the confidentiality, integrity, and availability of information systems. System managers deploy their resources with the aim of maintaining target levels of these attributes in the presence of reactive threats. Information stewardship is the challenge of maintaining the sustainability and resilience of the security attributes of (complex, interconnected, multi-agent) information ecosystems. In this paper, we present, in the tradition of public economics, a model of stewardship which addresses directly the question of resilience. We model attacker-target-steward behaviour in a fully endogenous Nash equilibrium setting. We analyse the occurrence of externalities across targets and assess the steward's ability to internalise these externalities under varying informational assumptions. We apply and simulate this model in the case of a critical national infrastructure example.",
keywords = "Information Security, Regulation, Strategic Behaviour, System Resilience",
author = "Christos Ioannidis and David Pym and Julian Williams and Iffat Gheyas",
year = "2019",
month = "4",
day = "16",
doi = "10.1016/j.ejor.2018.10.020",
language = "English",
volume = "274",
pages = "638--653",
journal = "European Journal of Operational Research",
issn = "0377-2217",
publisher = "Elsevier",
number = "2",

}

Ioannidis, C, Pym, D, Williams, J & Gheyas, I 2019, 'Resilience in Information Stewardship', European Journal of Operational Research, vol. 274, no. 2, pp. 638-653. https://doi.org/10.1016/j.ejor.2018.10.020

Resilience in Information Stewardship. / Ioannidis, Christos; Pym, David; Williams, Julian; Gheyas, Iffat.

In: European Journal of Operational Research, Vol. 274, No. 2, 16.04.2019, p. 638-653.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Resilience in Information Stewardship

AU - Ioannidis, Christos

AU - Pym, David

AU - Williams, Julian

AU - Gheyas, Iffat

PY - 2019/4/16

Y1 - 2019/4/16

N2 - Information security is concerned with protecting the confidentiality, integrity, and availability of information systems. System managers deploy their resources with the aim of maintaining target levels of these attributes in the presence of reactive threats. Information stewardship is the challenge of maintaining the sustainability and resilience of the security attributes of (complex, interconnected, multi-agent) information ecosystems. In this paper, we present, in the tradition of public economics, a model of stewardship which addresses directly the question of resilience. We model attacker-target-steward behaviour in a fully endogenous Nash equilibrium setting. We analyse the occurrence of externalities across targets and assess the steward's ability to internalise these externalities under varying informational assumptions. We apply and simulate this model in the case of a critical national infrastructure example.

AB - Information security is concerned with protecting the confidentiality, integrity, and availability of information systems. System managers deploy their resources with the aim of maintaining target levels of these attributes in the presence of reactive threats. Information stewardship is the challenge of maintaining the sustainability and resilience of the security attributes of (complex, interconnected, multi-agent) information ecosystems. In this paper, we present, in the tradition of public economics, a model of stewardship which addresses directly the question of resilience. We model attacker-target-steward behaviour in a fully endogenous Nash equilibrium setting. We analyse the occurrence of externalities across targets and assess the steward's ability to internalise these externalities under varying informational assumptions. We apply and simulate this model in the case of a critical national infrastructure example.

KW - Information Security

KW - Regulation

KW - Strategic Behaviour

KW - System Resilience

UR - http://www.scopus.com/inward/record.url?scp=85057432537&partnerID=8YFLogxK

U2 - 10.1016/j.ejor.2018.10.020

DO - 10.1016/j.ejor.2018.10.020

M3 - Article

VL - 274

SP - 638

EP - 653

JO - European Journal of Operational Research

JF - European Journal of Operational Research

SN - 0377-2217

IS - 2

ER -