IDEAS home Printed from https://ideas.repec.org/a/eee/ejores/v274y2019i2p638-653.html
   My bibliography  Save this article

Resilience in information stewardship

Author

Listed:
  • Ioannidis, Christos
  • Pym, David
  • Williams, Julian
  • Gheyas, Iffat

Abstract

Information security is concerned with protecting the confidentiality, integrity, and availability of information systems. System managers deploy their resources with the aim of maintaining target levels of these attributes in the presence of reactive threats. Information stewardship is the challenge of maintaining the sustainability and resilience of the security attributes of (complex, interconnected, multi-agent) information ecosystems. In this paper, we present, in the tradition of public economics, a model of stewardship which addresses directly the question of resilience. We model attacker-target-steward behaviour in a fully endogenous Nash equilibrium setting. We analyse the occurrence of externalities across targets and assess the steward’s ability to internalise these externalities under varying informational assumptions. We apply and simulate this model in the case of a critical national infrastructure example.

Suggested Citation

  • Ioannidis, Christos & Pym, David & Williams, Julian & Gheyas, Iffat, 2019. "Resilience in information stewardship," European Journal of Operational Research, Elsevier, vol. 274(2), pages 638-653.
    • Handle: RePEc:eee:ejores:v:274:y:2019:i:2:p:638-653
    DOI: 10.1016/j.ejor.2018.10.020
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0377221718308737
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ejor.2018.10.020?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Jean Tirole & Roland Bénabou, 2006. "Incentives and Prosocial Behavior," American Economic Review, American Economic Association, vol. 96(5), pages 1652-1678, December.
    2. Robert T. Deacon & Henning Bohn, 2000. "Ownership Risk, Investment, and the Use of Natural Resources," American Economic Review, American Economic Association, vol. 90(3), pages 526-549, June.
    3. Dehning, Bruce & Richardson, Vernon, 2002. "Return on investments in information technology: Beyond the productivity paradox," Journal of Financial Transformation, Capco Institute, vol. 6, pages 83-91.
    4. Ashish Arora & Rahul Telang & Hao Xu, 2008. "Optimal Policy for Software Vulnerability Disclosure," Management Science, INFORMS, vol. 54(4), pages 642-656, April.
    5. Terrence August & Tunay I. Tunca, 2006. "Network Software Security and User Incentives," Management Science, INFORMS, vol. 52(11), pages 1703-1720, November.
    6. Adrian Baldwin & Iffat Gheyas & Christos Ioannidis & David Pym & Julian Williams, 2017. "Contagion in cyber security attacks," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 68(7), pages 780-791, July.
    7. David Pym & Martin Sadler, 2010. "Information Stewardship in Cloud Computing," International Journal of Service Science, Management, Engineering, and Technology (IJSSMET), IGI Global, vol. 1(1), pages 50-67, January.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Efpraxia D. Zamani & Conn Smyth & Samrat Gupta & Denis Dennehy, 2023. "Artificial intelligence and big data analytics for supply chain resilience: a systematic literature review," Annals of Operations Research, Springer, vol. 327(2), pages 605-632, August.
    2. Poulin, Craig & Kane, Michael B., 2021. "Infrastructure resilience curves: Performance measures and summary metrics," Reliability Engineering and System Safety, Elsevier, vol. 216(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Terrence August & Duy Dao & Marius Florin Niculescu, 2022. "Economics of Ransomware: Risk Interdependence and Large-Scale Attacks," Management Science, INFORMS, vol. 68(12), pages 8979-9002, December.
    2. Ashish Arora & Ramayya Krishnan & Rahul Telang & Yubao Yang, 2010. "An Empirical Analysis of Software Vendors' Patch Release Behavior: Impact of Vulnerability Disclosure," Information Systems Research, INFORMS, vol. 21(1), pages 115-132, March.
    3. Terrence August & Duy Dao & Kihoon Kim, 2019. "Market Segmentation and Software Security: Pricing Patching Rights," Management Science, INFORMS, vol. 65(10), pages 4575-4597, October.
    4. Ioannidis, Christos & Pym, David & Williams, Julian, 2012. "Information security trade-offs and optimal patching policies," European Journal of Operational Research, Elsevier, vol. 216(2), pages 434-444.
    5. Terrence August & Tunay I. Tunca, 2011. "Who Should Be Responsible for Software Security? A Comparative Analysis of Liability Policies in Network Environments," Management Science, INFORMS, vol. 57(5), pages 934-959, May.
    6. Terrence August & Marius Florin Niculescu & Hyoduk Shin, 2014. "Cloud Implications on Software Network Structure and Security Risks," Information Systems Research, INFORMS, vol. 25(3), pages 489-510, September.
    7. Zan Zhang & Guofang Nan & Yong Tan, 2020. "Cloud Services vs. On-Premises Software: Competition Under Security Risk and Product Customization," Information Systems Research, INFORMS, vol. 31(3), pages 848-864, September.
    8. Terrence August & Marius Florin Niculescu, 2013. "The Influence of Software Process Maturity and Customer Error Reporting on Software Release and Pricing," Management Science, INFORMS, vol. 59(12), pages 2702-2726, December.
    9. Giuseppe Attanasi & Ylenia Curci & Patrick Llerena & Maria del Pino Ramos-Sosa & Adriana Carolina Pinate & Giulia Urso, 2019. "Looking at Creativity from East to West: Risk Taking and Intrinsic Motivation in Socially and Culturally Diverse Countries," Working Papers of BETA 2019-38, Bureau d'Economie Théorique et Appliquée, UDS, Strasbourg.
    10. Nocetti, Diego C., 2013. "The LeChatelier principle for changes in risk," Journal of Mathematical Economics, Elsevier, vol. 49(6), pages 460-466.
    11. Gary Bolton & Eugen Dimant & Ulrich Schmidt, 2018. "When a Nudge Backfires. Using Observation with Social and Economic Incentives to Promote Pro-Social Behavior," PPE Working Papers 0017, Philosophy, Politics and Economics, University of Pennsylvania.
    12. Araujo, Claudio & Bonjean, Catherine Araujo & Combes, Jean-Louis & Combes Motel, Pascale & Reis, Eustaquio J., 2009. "Property rights and deforestation in the Brazilian Amazon," Ecological Economics, Elsevier, vol. 68(8-9), pages 2461-2468, June.
    13. Bruno S. Frey & Susanne Neckermann, 2005. "Auszeichnungen: Ein Vernachl�ssigter Anreiz," IEW - Working Papers 254, Institute for Empirical Research in Economics - University of Zurich.
    14. Thomas Dohmen & Armin Falk & David Huffman & Uwe Sunde, 2009. "Homo Reciprocans: Survey Evidence on Behavioural Outcomes," Economic Journal, Royal Economic Society, vol. 119(536), pages 592-612, March.
    15. Carsten Hefeker & Sebastian G. Kessing, 2017. "Competition for natural resources and the hold-up problem," Canadian Journal of Economics, Canadian Economics Association, vol. 50(3), pages 871-888, August.
    16. Manna, Ester, 2013. "Mixed Duopoly with Motivated Teachers," MPRA Paper 52041, University Library of Munich, Germany.
    17. Carattini, Stefano & Gillingham, Kenneth & Meng, Xiangyu & Yoeli, Erez, 2024. "Peer-to-peer solar and social rewards: Evidence from a field experiment," Journal of Economic Behavior & Organization, Elsevier, vol. 219(C), pages 340-370.
    18. Sseruyange, J. & Bulte, E., 2018. "Do Incentives matter for Knowledge Diffusion? Experimental Evidence from Uganda," 2018 Conference, July 28-August 2, 2018, Vancouver, British Columbia 275896, International Association of Agricultural Economists.
    19. Ek, Claes, 2017. "Some causes are more equal than others? The effect of similarity on substitution in charitable giving," Journal of Economic Behavior & Organization, Elsevier, vol. 136(C), pages 45-62.
    20. Lacetera, Nicola & Macis, Mario, 2008. "Motivating Altruism: A Field Study," IZA Discussion Papers 3770, Institute of Labor Economics (IZA).

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ejores:v:274:y:2019:i:2:p:638-653. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: http://www.elsevier.com/locate/eor .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.