Journal of Information Security

Volume 7, Issue 2 (March 2016)

ISSN Print: 2153-1234   ISSN Online: 2153-1242

The “Iterated Weakest Link” Model of Adaptive Security Investment

PP. 81-102
DOI: 10.4236/jis.2016.72006
3,172 Downloads   4,595 Views
Author(s)

ABSTRACT

We devise a model for security investment that reflects dynamic interaction between a defender, who faces uncertainty, and an attacker, who repeatedly targets the weakest link. Using the model, we derive and compare optimal security investment over multiple periods, exploring the delicate balance between proactive and reactive security investment. We show how the best strategy depends on the defender’s knowledge about prospective attacks and the recoverability of costs when upgrading defenses reactively. Our model explains why security under-investment is sometimes rational even when effective defenses are available and can be deployed independently of other parties’ choices. Finally, we connect the model to real-world security problems by examining two case studies where empirical data are available: computers compromised for use in online crime and payment card security.

Share and Cite:

Böhme, R. and Moore, T. (2016) The “Iterated Weakest Link” Model of Adaptive Security Investment. Journal of Information Security, 7, 81-102. doi: 10.4236/jis.2016.72006.

Copyright © 2025 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.