IDEAS home Printed from https://ideas.repec.org/a/eee/reensy/v100y2012icp19-27.html
   My bibliography  Save this article

Data survivability vs. security in information systems

Author

Listed:
  • Levitin, Gregory
  • Hausken, Kjell
  • Taboada, Heidi A.
  • Coit, David W.

Abstract

A multiple objective problem formulation and solution methodology is presented to select optimal information and data storage configurations considering both data survivability and data security, as well as cost. This paper considers a situation where the information is divided into several separately stored blocks in order to mitigate the risk of unauthorized access or theft. The information can be used only if all of the blocks are accessed. To impede the information theft, the defender prefers to maximize the number of blocks. On the other hand the destruction of any block destroys the integrity of information and makes it impossible to use. To impede the information destruction, the defender prefers to maximize the number of parallel (reserve) copies of each block, regardless how many blocks in series there are. Given the set of available information storage resources, the defender must consider a multi-objective optimization problem to determine how many blocks and their copies to create, and how to distribute them among available resources in order to minimize information vulnerability, insecurity, and storage cost. Non-dominated solutions to this problem are determined using a multiple objective genetic algorithm (MOGA). This methodology is demonstrated with two general examples.

Suggested Citation

  • Levitin, Gregory & Hausken, Kjell & Taboada, Heidi A. & Coit, David W., 2012. "Data survivability vs. security in information systems," Reliability Engineering and System Safety, Elsevier, vol. 100(C), pages 19-27.
    • Handle: RePEc:eee:reensy:v:100:y:2012:i:c:p:19-27
    DOI: 10.1016/j.ress.2011.12.015
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S095183201100278X
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ress.2011.12.015?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Gal-Or, Esther, 1985. "Information Sharing in Oligopoly," Econometrica, Econometric Society, vol. 53(2), pages 329-343, March.
    2. Tanaka, Hideyuki & Matsuura, Kanta & Sudoh, Osamu, 2005. "Vulnerability and information security investment: An empirical analysis of e-local government in Japan," Journal of Accounting and Public Policy, Elsevier, vol. 24(1), pages 37-59.
    3. Amir Ziv, 1993. "Information Sharing in Oligopoly: The Truth-Telling Problem," RAND Journal of Economics, The RAND Corporation, vol. 24(3), pages 455-465, Autumn.
    4. Esther Gal-Or & Anindya Ghose, 2005. "The Economic Incentives for Sharing Security Information," Information Systems Research, INFORMS, vol. 16(2), pages 186-208, June.
    5. Hausken, Kjell, 2006. "Income, interdependence, and substitution effects affecting incentives for security investment," Journal of Accounting and Public Policy, Elsevier, vol. 25(6), pages 629-665.
    6. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William, 2003. "Sharing information on computer systems security: An economic analysis," Journal of Accounting and Public Policy, Elsevier, vol. 22(6), pages 461-485.
    7. Alison J. Kirby, 1988. "Trade Associations as Information Exchange Mechanisms," RAND Journal of Economics, The RAND Corporation, vol. 19(1), pages 138-146, Spring.
    8. Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
    9. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William & Sohail, Tashfeen, 2006. "The impact of the Sarbanes-Oxley Act on the corporate disclosures of information security activities," Journal of Accounting and Public Policy, Elsevier, vol. 25(5), pages 503-530.
    10. William Novshek & Hugo Sonnenschein, 1982. "Fulfilled Expectations Cournot Duopoly with Information Acquisition and Release," Bell Journal of Economics, The RAND Corporation, vol. 13(1), pages 214-218, Spring.
    11. Hausken, Kjell, 2007. "Information sharing among firms and cyber attacks," Journal of Accounting and Public Policy, Elsevier, vol. 26(6), pages 639-688.
    12. Xavier Vives, 1990. "Trade Association Disclosure Rules, Incentives to Share Information, and Welfare," RAND Journal of Economics, The RAND Corporation, vol. 21(3), pages 409-430, Autumn.
    13. Carl Shapiro, 1986. "Exchange of Cost Information in Oligopoly," The Review of Economic Studies, Review of Economic Studies Ltd, vol. 53(3), pages 433-446.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Chołda, Piotr & Følstad, Eirik L. & Helvik, Bjarne E. & Kuusela, Pirkko & Naldi, Maurizio & Norros, Ilkka, 2013. "Towards risk-aware communications networking," Reliability Engineering and System Safety, Elsevier, vol. 109(C), pages 160-174.
    2. Levitin, Gregory & Xing, Liudong & Xiang, Yanping, 2020. "Optimization of time constrained N-version programming service components with competing task execution and version corruption processes," Reliability Engineering and System Safety, Elsevier, vol. 193(C).
    3. Kjell Hausken & Jonathan W. Welburn, 2021. "Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits," Information Systems Frontiers, Springer, vol. 23(6), pages 1609-1620, December.
    4. Levitin, Gregory & Xing, Liudong & Xiang, Yanping, 2020. "Optimal early warning defense of N-version programming service against co-resident attacks in cloud system," Reliability Engineering and System Safety, Elsevier, vol. 201(C).
    5. Levitin, Gregory & Xing, Liudong & Dai, Yuanshun, 2018. "Co-residence based data vulnerability vs. security in cloud computing system with random server assignment," European Journal of Operational Research, Elsevier, vol. 267(2), pages 676-686.
    6. Zhang, Xiaoyu & Xu, Maochao & Da, Gaofeng & Zhao, Peng, 2021. "Ensuring confidentiality and availability of sensitive data over a network system under cyber threats," Reliability Engineering and System Safety, Elsevier, vol. 214(C).
    7. Hausken, Kjell, 2024. "Fifty Years of Operations Research in Defense," European Journal of Operational Research, Elsevier, vol. 318(2), pages 355-368.
    8. Ben Yaghlane, Asma & Azaiez, M. Naceur, 2017. "Systems under attack-survivability rather than reliability: Concept, results, and applications," European Journal of Operational Research, Elsevier, vol. 258(3), pages 1156-1164.
    9. Guizhou Wang & Jonathan W. Welburn & Kjell Hausken, 2020. "A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling," Games, MDPI, vol. 11(4), pages 1-26, December.
    10. Xing, Liudong & Levitin, Gregory, 2017. "Balancing theft and corruption threats by data partition in cloud system with independent server protection," Reliability Engineering and System Safety, Elsevier, vol. 167(C), pages 248-254.
    11. Gregory Levitin & Liudong Xing & Hong‐Zhong Huang, 2019. "Security of Separated Data in Cloud Systems with Competing Attack Detection and Data Theft Processes," Risk Analysis, John Wiley & Sons, vol. 39(4), pages 846-858, April.
    12. Luo, Liang & Xing, Liudong & Levitin, Gregory, 2019. "Optimizing dynamic survivability and security of replicated data in cloud systems under co-residence attacks," Reliability Engineering and System Safety, Elsevier, vol. 192(C).
    13. Heping Jia & Rui Peng & Yi Ding & Changzheng Shao, 2020. "Reliability analysis of distributed storage systems considering data loss and theft," Journal of Risk and Reliability, , vol. 234(2), pages 303-321, April.
    14. Peng, Rui & Xiao, Hui & Guo, Jianjun & Lin, Chen, 2020. "Optimal defense of a distributed data storage system against hackers’ attacks," Reliability Engineering and System Safety, Elsevier, vol. 197(C).

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    2. Xiaotong Li, 2022. "An evolutionary game‐theoretic analysis of enterprise information security investment based on information sharing platform," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(3), pages 595-606, April.
    3. Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.
    4. Xing Gao & Weijun Zhong & Shue Mei, 2015. "Security investment and information sharing under an alternative security breach probability function," Information Systems Frontiers, Springer, vol. 17(2), pages 423-438, April.
    5. António Brandão & Joana Pinho, 2015. "Asymmetric Information And Exchange Of Information About Product Differentiation," Bulletin of Economic Research, Wiley Blackwell, vol. 67(2), pages 166-185, April.
    6. Medín, J. Andrés Faíña & Rodríguez, Jesús López & Rodríguez, José López, 2003. "Information Exchanges in Cournot Duopolies," Revista Brasileira de Economia - RBE, EPGE Brazilian School of Economics and Finance - FGV EPGE (Brazil), vol. 57(1), January.
    7. Malueg, David A. & Tsutsui, Shunichi O., 1996. "Duopoly information exchange: The case of unknown slope," International Journal of Industrial Organization, Elsevier, vol. 14(1), pages 119-136.
    8. Goltsman, Maria & Pavlov, Gregory, 2014. "Communication in Cournot oligopoly," Journal of Economic Theory, Elsevier, vol. 153(C), pages 152-176.
    9. Esther Gal-Or & Anindya Ghose, 2005. "The Economic Incentives for Sharing Security Information," Information Systems Research, INFORMS, vol. 16(2), pages 186-208, June.
    10. Duarte Brito & Pedro Pereira & João Vareda, 2016. "Can More Information About Rivals' Costs Decrease Welfare?," Manchester School, University of Manchester, vol. 84(2), pages 251-269, March.
    11. Jin, Jim Y., 1996. "A test for information sharing in Cournot oligopoly," Information Economics and Policy, Elsevier, vol. 8(1), pages 75-86, March.
    12. Bacchetta, Philippe & Espinosa, Maria Paz, 1995. "Information sharing and tax competition among governments," Journal of International Economics, Elsevier, vol. 39(1-2), pages 103-121, August.
    13. Maura P. Doyle & Christopher M. Snyder, 1999. "Information Sharing and Competition in the Motor Vehicle Industry," Journal of Political Economy, University of Chicago Press, vol. 107(6), pages 1326-1364, December.
    14. Malueg, David A. & Tsutsui, Shunichi O., 1998. "Distributional assumptions in the theory of oligopoly information exchange1," International Journal of Industrial Organization, Elsevier, vol. 16(6), pages 785-797, November.
    15. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    16. Myatt, David P. & Wallace, Chris, 2015. "Cournot competition and the social value of information," Journal of Economic Theory, Elsevier, vol. 158(PB), pages 466-506.
    17. Charles Z. Liu & Humayun Zafar & Yoris A. Au, 2013. "Rethinking Fs-Isac: An It Security Information Sharing Model For The Financial Services Sector," Working Papers 0209is, College of Business, University of Texas at San Antonio.
    18. Sjaak Hurkens, 2014. "Bayesian Nash equilibrium in “linear” Cournot models with private information about costs," International Journal of Economic Theory, The International Society for Economic Theory, vol. 10(2), pages 203-217, June.
    19. Xing Gao & Weijun Zhong & Shue Mei, 2014. "A game-theoretic analysis of information sharing and security investment for complementary firms," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 65(11), pages 1682-1691, November.
    20. Lagerlof, Johan N.M., 2007. "Insisting on a non-negative price: Oligopoly, uncertainty, welfare, and multiple equilibria," International Journal of Industrial Organization, Elsevier, vol. 25(4), pages 861-875, August.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:reensy:v:100:y:2012:i:c:p:19-27. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/reliability-engineering-and-system-safety .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.