Advanced search
Publication Cover
Journal of Management Information Systems Volume 26, 2009 - Issue 3
Journal homepage
211
Views
48
CrossRef citations to date
0
Altmetric
Original Article

Risks and Benefits of Signaling Information System Characteristics to Strategic Attackers

Marco Cremonini Department of Information Technology, University of Milan, Italy
&
Dmitri Nizovtsev Washburn University School of Business, Topeka, Kansas
Pages 241-274 | Published online: 08 Dec 2014
 
Sample our Information Science journals, sign in here to start your FREE access for 14 days

Abstract

The paper uses a game-theoretic setting to examine the interaction between strategic attackers who try to gain unauthorized access to information systems, or "targets," and defenders of those targets. Our analysis of the attacker-defender interaction shows that well-protected targets can use signals of their superior level of protection as a deterrence tool. This is due to the fact that, all other things being equal, rational attackers motivated by potential financial gains tend to direct their effort toward less-protected targets. We analyze several scenarios differing in the scope of publicly available information about target parameters and discuss conditions under which greater defenders' ability to signal their security characteristics may improve their welfare. Our results may assist security researchers in devising better defense strategies through the use of deterrence and provide new insight about the efficacy of specific security practices in complex information security environments.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related Research Data

Comprehensive approach to intrusion detection alert correlation
Source: Institute of Electrical and Electronics Engineers (IEEE)
Fixed- vs. variable-length patterns for detecting suspicious process behavior
Source: IOS Press
Information security economics - and beyond
Source: Springer Berlin Heidelberg
The economics of information security investment
Source: Association for Computing Machinery (ACM)
A DYNAMIC GAME OF R AND D: PATENT PROTECTION AND COMPETITIVE BEHAVIOR'
Source: JSTOR
The interstitiality of IT risk: An inquiry into information systems development practices
Source: Wiley
Techniques and tools for analyzing intrusion alerts
Source: Association for Computing Machinery (ACM)
The Value of Intrusion Detection Systems in Information Technology Security Architecture
Source: Institute for Operations Research and the Management Sciences (INFORMS)
Strategic defense and attack for series and parallel reliability systems
Source: Elsevier BV
Hacker Behavior, Network Effects, and the Security Software Market
Source: Informa UK Limited
A Study on a Sequential One-Defender-N -Attacker Game
Source: Wiley
Health-Care Security Strategies for Data Protection and Regulatory Compliance
Source: Informa UK Limited
:{unav)
Source: Springer Science and Business Media LLC
Income, interdependence, and substitution effects affecting incentives for security investment
Source: Elsevier
The Deterrent and Displacement Effects of Information Security Enforcement: International Evidence
Source: Informa UK Limited
Information Sharing Among Cyber Hackers in Successive Attacks
Source: World Scientific Pub Co Pte Lt
Incentive-based modeling and inference of attacker intent, objectives, and strategies
Source: Association for Computing Machinery (ACM)
The Market for “Lemons”: Quality Uncertainty and the Market Mechanism
Source: Oxford University Press (OUP)
Modeling network intrusion detection alerts for correlation
Source: Association for Computing Machinery (ACM)
A quantitative model of the security intrusion process based on attacker behavior
Source: Institute of Electrical and Electronics Engineers (IEEE)
Managing Interdependent Information Security Risks: Cyberinsurance, Managed Security Services, and Risk Pooling Arrangements
Source: Informa UK Limited
Network Software Security and User Incentives
Source: Institute for Operations Research and the Management Sciences (INFORMS)
Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment
Source: Informa UK Limited
Configuration of Detection Software: A Comparison of Decision and Game Theory Approaches
Source: Institute for Operations Research and the Management Sciences (INFORMS)
Basic concepts and taxonomy of dependable and secure computing
Source: Institute of Electrical and Electronics Engineers (IEEE)
Security Investment, Hacking, and Information Sharing between Firms and between Hackers
Source: MDPI AG
What Do We Know About the Substitution Effect in Transnational Terrorism?
Source: Routledge
Model-based evaluation: from dependability to security
Source: (:unav)
A model for evaluating IT security investments
Source: Association for Computing Machinery (ACM)
Experimenting with quantitative evaluation tools for monitoring operational security
Source: Institute of Electrical and Electronics Engineers (IEEE)
Towards Operational Measures of Computer Security
Source: IOS Press

Linking provided by 

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.