IDEAS home Printed from https://ideas.repec.org/a/gam/jmathe/v6y2018i10p177-d172189.html
   My bibliography  Save this article

Sustainability of Information Security Investment in Online Social Networks: An Evolutionary Game-Theoretic Approach

Author

Listed:
  • Guang Zhu

    (School of Management Science and Engineering, Nanjing University of Information Science and Technology, Nanjing 210044, China
    China Institute of Manufacturing Development, Nanjing University of Information Science and Technology, Nanjing 210044, China)

  • Hu Liu

    (School of Management Science and Engineering, Nanjing University of Information Science and Technology, Nanjing 210044, China)

  • Mining Feng

    (China Institute of Manufacturing Development, Nanjing University of Information Science and Technology, Nanjing 210044, China)

Abstract

With the rapid development of information technologies, security violations in online social networks (OSN) have emerged as a critical issue. Traditional technical and organizational approaches do not consider economic factors, which are increasingly important to sustain information security investment. In this paper, we develop an evolutionary game model to study the sustainability of information security investment in OSN, and propose a quantitative approach to analyze and optimize security investment. Additionally, we examine a contract with an incentive mechanism to eliminate free riding, which helps sustain the security investment. Numerical examples are provided for illustration and simulation purposes, leading to several countermeasures and suggestions. Our analytical results show that the optimal strategy of information security investment not only is correlated with profit growth coefficients and investment costs, but is also influenced significantly by the profits from free riding. If the profit growth coefficients are prohibitively small, both OSN service providers and online platforms will not choose to sustain investment based on small profits. As profit growth coefficients increase, there is a higher probability that game players will invest. Another major finding is that the (Invest, Invest) profile is much less sensitive to the change of profit growth coefficients and the convergent speed of this scenario is faster than the other profiles. The government agency can use the proposed model to determine a proper incentive or penalty to help both parties reach the optimal strategies and thus improve OSN security.

Suggested Citation

  • Guang Zhu & Hu Liu & Mining Feng, 2018. "Sustainability of Information Security Investment in Online Social Networks: An Evolutionary Game-Theoretic Approach," Mathematics, MDPI, vol. 6(10), pages 1-19, September.
  • Handle: RePEc:gam:jmathe:v:6:y:2018:i:10:p:177-:d:172189
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2227-7390/6/10/177/pdf
    Download Restriction: no

    File URL: https://www.mdpi.com/2227-7390/6/10/177/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Daniel Friedman, 1998. "On economic applications of evolutionary game theory," Journal of Evolutionary Economics, Springer, vol. 8(1), pages 15-43.
    2. Stephen W. Salant & Sheldon Switzer & Robert J. Reynolds, 1983. "Losses From Horizontal Merger: The Effects of an Exogenous Change in Industry Structure on Cournot-Nash Equilibrium," The Quarterly Journal of Economics, President and Fellows of Harvard College, vol. 98(2), pages 185-199.
    3. Chaitanya Gokhale & Arne Traulsen, 2014. "Evolutionary Multiplayer Games," Dynamic Games and Applications, Springer, vol. 4(4), pages 468-488, December.
    4. Zhang, Huiming & Xu, Zhidong & Zhou, Dequn & Cao, Jie, 2017. "Waste cooking oil-to-energy under incomplete information: Identifying policy options through an evolutionary game," Applied Energy, Elsevier, vol. 185(P1), pages 547-555.
    5. Geert Jan Olsder, 2000. "Differential Game-Theoretic Thoughts On Option Pricing And Transaction Costs," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 2(02n03), pages 209-228.
    6. Esther Gal-Or & Anindya Ghose, 2005. "The Economic Incentives for Sharing Security Information," Information Systems Research, INFORMS, vol. 16(2), pages 186-208, June.
    7. Huseyin Cavusoglu & Young Kwark & Bin Mai & Srinivasan Raghunathan, 2013. "Passenger Profiling and Screening for Aviation Security in the Presence of Strategic Attackers," Decision Analysis, INFORMS, vol. 10(1), pages 63-81, March.
    8. Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
    9. Chan Y. Han & Brian J. Lunday & Matthew J. Robbins, 2016. "A Game Theoretic Model for the Optimal Location of Integrated Air Defense System Missile Batteries," INFORMS Journal on Computing, INFORMS, vol. 28(3), pages 405-416, August.
    10. Vijay Mookerjee & Radha Mookerjee & Alain Bensoussan & Wei T. Yue, 2011. "When Hackers Talk: Managing Information Security Under Variable Attack Rates and Knowledge Dissemination," Information Systems Research, INFORMS, vol. 22(3), pages 606-623, September.
    11. Xing Gao & Weijun Zhong & Shue Mei, 2014. "A game-theoretic analysis of information sharing and security investment for complementary firms," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 65(11), pages 1682-1691, November.
    12. Gordon, Lawrence A. & Loeb, Martin P. & Lucyshyn, William, 2003. "Sharing information on computer systems security: An economic analysis," Journal of Accounting and Public Policy, Elsevier, vol. 22(6), pages 461-485.
    13. Jack Shih-Chieh Hsu & Sheng-Pao Shih & Yu Wen Hung & Paul Benjamin Lowry, 2015. "The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness," Information Systems Research, INFORMS, vol. 26(2), pages 282-300, June.
    14. Asunur Cezar & Huseyin Cavusoglu & Srinivasan Raghunathan, 2014. "Outsourcing Information Security: Contracting Issues and Security Implications," Management Science, INFORMS, vol. 60(3), pages 638-657, March.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Guang Zhu & Hu Liu & Mining Feng, 2018. "An Evolutionary Game-Theoretic Approach for Assessing Privacy Protection in mHealth Systems," IJERPH, MDPI, vol. 15(10), pages 1-27, October.
    2. Xing Gao & Weijun Zhong, 2016. "A differential game approach to security investment and information sharing in a competitive environment," IISE Transactions, Taylor & Francis Journals, vol. 48(6), pages 511-526, June.
    3. Xing Gao & Weijun Zhong, 2016. "Economic incentives in security information sharing: the effects of market structures," Information Technology and Management, Springer, vol. 17(4), pages 361-377, December.
    4. Yong Wu & Junlin Duan & Tao Dai & Dong Cheng, 2020. "Managing Security Outsourcing in the Presence of Strategic Hackers," Decision Analysis, INFORMS, vol. 17(3), pages 235-259, September.
    5. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    6. Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.
    7. Xing Gao & Weijun Zhong & Shue Mei, 2013. "Information Security Investment When Hackers Disseminate Knowledge," Decision Analysis, INFORMS, vol. 10(4), pages 352-368, December.
    8. Xing Gao & Weijun Zhong & Shue Mei, 2015. "Security investment and information sharing under an alternative security breach probability function," Information Systems Frontiers, Springer, vol. 17(2), pages 423-438, April.
    9. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    10. Xiaotong Li, 2022. "An evolutionary gameā€theoretic analysis of enterprise information security investment based on information sharing platform," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(3), pages 595-606, April.
    11. Levitin, Gregory & Hausken, Kjell & Taboada, Heidi A. & Coit, David W., 2012. "Data survivability vs. security in information systems," Reliability Engineering and System Safety, Elsevier, vol. 100(C), pages 19-27.
    12. Alessandro Fedele & Cristian Roner, 2022. "Dangerous games: A literature review on cybersecurity investments," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 157-187, February.
    13. Paul, Jomon A. & Zhang, Minjiao, 2021. "Decision support model for cybersecurity risk planning: A two-stage stochastic programming framework featuring firms, government, and attacker," European Journal of Operational Research, Elsevier, vol. 291(1), pages 349-364.
    14. Guang Zhu & Gaozhi Pan & Weiwei Zhang, 2018. "Evolutionary Game Theoretic Analysis of Low Carbon Investment in Supply Chains under Governmental Subsidies," IJERPH, MDPI, vol. 15(11), pages 1-27, November.
    15. Meilin He & Laura Devine & Jun Zhuang, 2018. "Perspectives on Cybersecurity Information Sharing among Multiple Stakeholders Using a Decisionā€Theoretic Approach," Risk Analysis, John Wiley & Sons, vol. 38(2), pages 215-225, February.
    16. Kjell Hausken, 2017. "Information Sharing Among Cyber Hackers in Successive Attacks," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 19(02), pages 1-33, June.
    17. Xinbao Liu & Xiaofei Qian & Jun Pei & Panos M. Pardalos, 2018. "Security investment and information sharing in the market of complementary firms: impact of complementarity degree and industry size," Journal of Global Optimization, Springer, vol. 70(2), pages 413-436, February.
    18. Schilling, Andreas & Werners, Brigitte, 2016. "Optimal selection of IT security safeguards from an existing knowledge base," European Journal of Operational Research, Elsevier, vol. 248(1), pages 318-327.
    19. Xing Gao & Weijun Zhong, 2015. "Information security investment for competitive firms with hacker behavior and security requirements," Annals of Operations Research, Springer, vol. 235(1), pages 277-300, December.
    20. Yosra Miaoui & Noureddine Boudriga, 2019. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 21(2), pages 261-300, April.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jmathe:v:6:y:2018:i:10:p:177-:d:172189. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.