Sciweavers

CSFW
2008
IEEE

Security Decision-Making among Interdependent Organizations

14 years 7 months ago
Security Decision-Making among Interdependent Organizations
In various settings, such as when customers use the same passwords at several independent web sites, security decisions by one organization may have a significant impact on the security of another. We develop a model for security decision-making in such settings, using a variation of linear influence networks. The linear influence model uses a matrix to represent linear dependence between security investment at one organization and resulting security at another, and utility functions to measure the overall benefit to each organization. A simple matrix condition implies the existence and uniqueness of Nash equilibria, which can be reached by a natural iterative algorithm. A free-riding index, expressible using quantities computed in this model, measure the degree to which one organization can potentially reduce its security investment and benefit from investments of others. We apply this framework to investigate three examples: web site security with shared passwords, customer edu...
Reiko Ann Miura-Ko, Benjamin Yolken, John Mitchell
Added 29 May 2010
Updated 29 May 2010
Type Conference
Year 2008
Where CSFW
Authors Reiko Ann Miura-Ko, Benjamin Yolken, John Mitchell, Nicholas Bambos
Comments (0)