TITLE:
Is Public Co-Ordination of Investment in Information Security Desirable?
AUTHORS:
Christos Ioannidis, David Pym, Julian Williams
KEYWORDS:
Information Security, Information Stewardship, Investment, Public Co-Ordination
JOURNAL NAME:
Journal of Information Security,
Vol.7 No.2,
March
30,
2016
ABSTRACT: This paper provides for
the presentation, in an integrated manner, of a sequence of results addressing
the consequences of the presence of an information steward in an ecosystem
under attack and establishes the appropriate defensive investment responses,
thus allowing for a cohesive understanding of the nature of the information
steward in a variety of attack contexts. We determine the level of investment
in information security and attacking intensity when agents react in a
non-coordinated manner and compare them to the case of the system’s coordinated
response undertaken under the guidance of a steward. We show that only in the
most well-designed institutional set-up the presence of the well-informed
steward provides for an increase of the system’s resilience to attacks. In the
case in which both the information available to the steward and its policy
instruments are curtailed, coordinated policy responses yield no additional
benefits to individual agents and in some case they actually compared
unfavourably to atomistic responses. The system’s sustainability does improve
in the presence of a steward, which deters attackers and reduces the numbers
and intensity of attacks. In most cases, the resulting investment expenditure
undertaken by the agents in the ecosystem exceeds its Pareto efficient
magnitude.