A Dynamic Cyber Security Economic Model: Incorporating Value Functions for All Involved Parties

A Dynamic Cyber Security Economic Model: Incorporating Value Functions for All Involved Parties

C. Warren Axelrod (Delta Risk LLC, USA)
DOI: 10.4018/978-1-4666-0978-5.ch024
OnDemand PDF Download:
No Current Special Offers


One cannot develop effective economic models for information security and privacy without having a good understanding of the motivations, disincentives, and other influencing factors affecting the behavior of criminals, victims, defenders, product and service providers, lawmakers, law enforcement, and other interested parties. Predicting stakeholders’ actions and reactions will be more effective if one has a realistic representation of how each of the various parties will respond to internal motivators and external stimuli. In this chapter, reactions of involved parties are assumed to be based on “personal utility functions.” However, it is not sufficient merely to develop static utility functions, since the net value of security and privacy changes dynamically. External events, such as the announcement of a new threat, also have a significant effect on both subjective and objective net value. Knowing how such value functions vary over time helps determine the overall dynamic impact of security and privacy measures on the behavior of various participants and ultimately on the economic model that describes these behaviors. Also in this chapter, the authors enumerate the many factors that affect all the various parties and examine how these factors affect the responses of all those involved due to the economic impact of particular exploits and situations as they affect different groups.
Chapter Preview

Involved Parties

Who are the involved parties? There are attackers, victims and defenders, and then there are a series of facilitators, intermediaries, detractors, enforcers, and the like. Each category of party has a specific role and set of values, which can be expressed in terms of “utility functions,”6 and responds to changes in the environment in different ways based on the net value to the party aggregated over time. It is this set of complex interactions that represents the cyber security economic model developed here.

We now examine the various players – who they are, what their roles are, how they react to specific situations and how their behaviors can be modified in order to optimize the economics.

Complete Chapter List

Search this Book: