Abstract
Nowadays, business connection between firms becomes rather common so that one firm stores not only its information asset but also some of other firms’ information asset. The management of information security is vital for these resource-sharing firms. This paper constructs a game-theoretic model between two resource-sharing firms and one hacker to examine their strategic interaction when the firms face budget constraint on security investment. We consider security information sharing between the firms, which can improve their overall security effort but meantime facilitate the hacker’s learning to reduce attack costs. We find that although a tight budget constraint can help save investment cost, the firms always suffer from a poorly secure environment. It shows that although security information sharing is usually encouraged, the firms may be hurt when security information sharing is excessive so that fierce cyber-attacks are induced. We finally design an optimal compensation mechanism, in which the compensation fund is shown to increase with the degree of resource sharing.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
