Information security outsourcing in a resource-sharing environment: The impacts of attack modes

被引:0
|
作者
Gao, Xing [1 ]
Gong, Siyu [1 ]
Wang, Ying [1 ]
Zhang, Yanfang [2 ,3 ]
机构
[1] Southeast Univ, Nanjing, Jiangsu, Peoples R China
[2] Nanjing Univ Finance & Econ, Nanjing, Jiangsu, Peoples R China
[3] Nanjing Univ Finance & Econ, Nanjing 210023, Jiangsu, Peoples R China
关键词
Information security outsourcing; resource sharing; opportunistic attacks; targeted attacks; GROUP DECISION-MAKING; SOCIAL NETWORK; CONSENSUS;
D O I
10.1080/01605682.2023.2233550
中图分类号
C93 [管理学];
学科分类号
12 ; 1201 ; 1202 ; 120202 ;
摘要
Information security outsourcing has become an emerging trend in the operations of information security, but the relation between information assets of firms and attack modes of hackers have failed to be considered. Through building a game-theoretic model, this article analyzes security outsourcing of two firms who share their information resource with each other and are confronted with opportunistic attacks and targeted attacks. We find that in the case of security decisions in-house, the firms may obtain a lower expected cost and the hacker may derive a lower expected benefit under targeted attacks than under opportunistic attacks, even though targeted attacks are widely deemed to be more harmful to the firms. When outsourcing security operations to a MSSP (Managed Security Service Provider), we reveal that under targeted attacks the MSSP can reap a higher expected benefit and the hacker can still derive a lower expected benefit. Finally, we examine the effects of key security elements and find some interesting results. In particular, the MSSP may or may not benefit from the degree of resource sharing, and the hacker may suffer from its learning ability.
引用
收藏
页码:1092 / 1110
页数:19
相关论文
共 28 条
  • [1] A new trust framework for resource-sharing in the grid environment
    Hu, HL
    Chen, D
    Huang, CQ
    [J]. COMPUTATIONAL SCIENCE - ICCS 2005, PT 3, 2005, 3516 : 221 - 228
  • [2] The design of an EDF-scheduled resource-sharing open environment
    Fisher, Nathan
    Bertogna, Marko
    Baruah, Sanjoy
    [J]. RTSS 2007: 28TH IEEE INTERNATIONAL REAL-TIME SYSTEMS SYMPOSIUM, PROCEEDINGS, 2007, : 83 - 92
  • [3] A Two-Player Resource-Sharing Game with Asymmetric Information
    Wijewardena, Mevan
    Neely, Michael J.
    [J]. GAMES, 2023, 14 (05):
  • [4] Performance Evaluation of Opportunistic Resource-Sharing Scheme Using Socially Oriented Outsourcing in Wireless Devices
    Mavromoustakis, Constandinos X.
    Karatza, Helen D.
    [J]. COMPUTER JOURNAL, 2013, 56 (02): : 184 - 197
  • [5] OVERSEE: Outsourcing Verification to Enable Resource Sharing in Edge Environment
    Cai, Xiaoqing
    Shi, Jiuchen
    Yuan, Rui
    Liu, Chang
    Zheng, Wenli
    Chen, Quan
    Li, Chao
    Leng, Jingwen
    Guo, Minyi
    [J]. PROCEEDINGS OF THE 49TH INTERNATIONAL CONFERENCE ON PARALLEL PROCESSING, ICPP 2020, 2020,
  • [6] Secondary memory analysis of a mini/microcomputer in resource-sharing distributed information systems
    Reddi, Arumalla V.
    [J]. 1600, (03):
  • [7] Managing Information Security Outsourcing in a Dynamic Cooperation Environment
    Wu, Yong
    Tayi, Giri Kumar
    Feng, Genzhong
    Fung, Richard Y. K.
    [J]. JOURNAL OF THE ASSOCIATION FOR INFORMATION SYSTEMS, 2021, 22 (03): : 827 - 850
  • [8] SECONDARY MEMORY ANALYSIS OF A MINI MICROCOMPUTER IN RESOURCE-SHARING DISTRIBUTED INFORMATION-SYSTEMS
    REDDI, AV
    [J]. COMPUTING SYSTEMS, 1988, 3 (04): : 189 - 198
  • [9] Application Research of Graphic Design Based on Information Resource-Sharing and Big Data Technology
    Xu, Dan
    [J]. MATHEMATICAL PROBLEMS IN ENGINEERING, 2022, 2022
  • [10] Blockchain-Enabled Adaptive-Learning-Based Resource-Sharing Framework for IIoT Environment
    Iqbal, Sarah
    Noor, Rafidah Md
    Malik, Asad Waqar
    Rahman, Anis U.
    [J]. IEEE INTERNET OF THINGS JOURNAL, 2021, 8 (19): : 14746 - 14755