Abstract

While mandatory security standards are salient in the management of information security, related theoretical studies are scarce, especially ones that consider strategic hackers. Using a game-theoretic model, this paper examines the strategic interaction, in a resource-sharing environment, between two firms that invest in information security subject to a mandatory standard and one hacker who exerts attack effort against the firms. It shows that a strict mandatory standard doesn't always benefit each firm, even though its information systems can be better protected. As the firms share more resources, each firm lacks strong motivation to invest enough in information security, and as a result a stricter security standard should be formulated from the socially optimal standpoint. Moreover, we find that although a compensation mechanism can urge each firm to invest more, this mechanism may harm each firm.
