Abstract
Taking the technology portfolio of IDSs and manual investigation as an example, this paper constructs a game model to analyze how information system security technologies are selected and configured under different risk preferences. It argues that an organization's choice and configuration of information system security technologies is influenced not only by its own risk preference but also by the hacker's risk preference. The conclusions show that: organizations manually investigate risk-averse hackers at a higher rate when the hackers' expected revenue is very low, and manually investigate risk-neutral hackers at a higher rate when the hackers' expected revenue is very high; hackers are more inclined to intrude on risk-neutral organizations when the organization's cost of manual investigation is low, and more willing to intrude on risk-averse organizations when the cost of manual investigation is very high; the protective efficiency of deploying multiple IDSs is not always higher than that of deploying a single IDS, and when choosing between the two, organizations select the one with the higher protective efficiency, a choice that is not influenced by risk preference.
Source
《科研管理》
CSSCI
CSCD
Peking University Core Journals
2017, Issue 12, pp. 165-172 (8 pages)
Science Research Management
Funding
National Natural Science Foundation of China (71071033)
Yangzhou University Humanities and Social Sciences Research Fund (xjj2016-38)
Keywords
information system security
security technology strategy
manual investigation
configuration
risk preference