Information sharing vs. privacy: A game theoretic analysis |
| |
| Affiliation: | 1. Advanced Visualization Laboratory–VizLab–Vale do Rio dos Sinos University (UNISINOS), Av. Unisinos, 950, São Leopoldo, 93022-000, RS, Brazil;2. Department of Civil Construction, Federal Institute of Santa Catarina (IFSC), Florianopolis, 88020-300, SC, Brazil;3. Institute of Geography, Federal University of Uberlandia (UFU), Monte Carmelo, 38500-000, MG, Brazil;4. Graduate Program in Transportation Engineering, University of São Paulo, São Carlos School of Engineering (EESC), São Carlos - SP, Brazil;1. Advanced Virtual and Intelligent Computing (AVIC) Center, Department of Mathematics and Computer Science, Faculty of Science, Chulalongkorn University, Bangkok, Thailand;2. Department of Biochemistry, Faculty of Science, Chulalongkorn University, Bangkok, Thailand;3. Department of Microbiology, Faculty of Public Health, Mahidol University, Bangkok, Thailand;1. CINI Assistive Technologies National Lab & DAUIN, Politecnico di Torino, Italy;2. Department of Mathematics, University of Turin, Via Carlo Alberto 10, 10121 Torino, Italy;3. Istituto Superiore Mario Boella, Center for Applied Research on ICT, Via Pier Carlo Boggio 61, 10138, Torino, Italy;1. Department of Electronics and Communication Engineering, National Institute of Technology Goa, Farmagudi, Ponda, Goa, 403401, India;2. Department of Instrumentation and Control Engineering, PSG College of Technology, Coimbatore, 641004, India;3. Department of Electronics and Communication Engineering, Institute of Aeronautical Engineering, Dundigal, Hyderabad, 500 043, India |
| |
| Abstract: | Sharing cyber security information helps firms to decrease cyber security risks, prevent attacks, and increase their overall resilience. Hence it affects reducing the social security cost. Although previously cyber security information sharing was being performed in an informal and ad hoc manner, nowadays through development of information sharing and analysis centers (ISACs), cyber security information sharing has become more structured, regular, and frequent. This is while, the privacy risk and information disclosure concerns are still major challenges faced by ISACs that act as barriers in activating the potential impacts of ISACs.This paper provides insights on decisions about security investments and information sharing in consideration of privacy risk and security knowledge growth. By the latest concept i.e. security knowledge growth, we mean fusing the collected security information, adding prior knowledge, and performing extra analyses to enrich the shared information. The impact of this concept on increasing the motivation of firms for voluntarily sharing their sensitive information to authorities such as ISACs has been analytically studied for the first time in this paper. We propose a differential game model in which a linear fusion model for characterizing the process of knowledge growth via the ISAC is employed. The Nash equilibrium of the proposed game including the optimized values of security investment, and the thresholds of data sharing with the price of privacy are highlighted. We analytically find the threshold in which the gain achieved by sharing sensitive information outweighs the privacy risks and hence the firms have natural incentive to share their security information. Moreover, since in this case the threshold of data sharing and the security investment levels chosen in Nash equilibrium may be lower than social optimum, accordingly we design mechanisms which would encourage the firms and lead to a socially optimal outcome. The direct impact of the achieved results is on analyzing the way ISACs can convince firms to share their security information with them. |
| |
| Keywords: | |
| 本文献已被 ScienceDirect 等数据库收录! |
|
