Optimizing Cybersecurity Investments over Time
نویسندگان
چکیده
In the context of growing vulnerabilities, cyber-risk management cannot rely on a one-off approach, instead calling for continuous re-assessment risk and adaptation strategies. Under mixed investment–insurance where both mitigation transfer are employed, implies re-computation optimal amount to invest in security over time. this paper, we deal with problem computing balance between investment insurance payments achieve minimum overall expense when vulnerability grows time according logistic function, adopting greedy strategy is carried out periodically at each epoch. We consider three liability degrees, from full partial deductibles. find that represents by far dominant component mix may be relied as single protection tool very low.
منابع مشابه
Increasing cybersecurity investments in private sector firms
The primary objective of this article is to develop an economics-based analytical framework for assessing the impact of government incentives/regulations designed to offset the tendency to underinvest in cybersecurity related activities by private sector firms. The analysis provided in the article shows that the potential for government incentives/regulations to increase cybersecurity investmen...
متن کاملCybersecurity Games and Investments: A Decision Support Approach
In this paper we investigate how to optimally invest in cybersecurity controls. We are particularly interested in examining cases where the organization suffers from an underinvestment problem or inefficient spending on cybersecurity. To this end, we first model the cybersecurity environment of an organization. We then model non-cooperative cybersecurity control-games between the defender which...
متن کاملA Game Theory Model of Cybersecurity Investments with Information Asymmetry
In this paper, we develop a game theory model consisting of sellers and buyers with sellers competing non-cooperatively in order to maximize their expected profits by determining their optimal product transactions as well as cybersecurity investments. The buyers reflect their preferences through the demand price functions, which depend on the product demands and on the average level of security...
متن کاملAttack-prevention and damage-control investments in cybersecurity
This paper examines investments in cybersecurity made by users and software providers with a focus on the latter’s concerning attack prevention and damage control. I show that full liability, whereby the provider is liable for all damage, is inefficient, owing namely to underinvestment in attack prevention and overinvestment in damage control. On the other hand, the joint use of an optimal stan...
متن کاملAttack-Deterring and Damage-Control Investments in Cybersecurity
This paper studies investment in cybersecurity, where both the software vendor and the consumers can invest in security. In addition, the vendor can undertake attack-deterring and damage-control investments. I show that full liability, under which the vendor is liable for all damages, does not achieve efficiency and, in particular, the vendor underinvests in attack deterrence and overinvests in...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Algorithms
سال: 2022
ISSN: ['1999-4893']
DOI: https://doi.org/10.3390/a15060211