基于Gordon-Loeb模型的信息安全投资博弈研究

Research on the game of information security investment based on the Gordon-Loeb model

为了研究信息安全投资外部性的影响,将Gordon-Loeb模型扩展到多组织博弈环境下,分别得出在正负外部性下,面对不同类型的攻击时,最优信息安全投资与脆弱性、潜在损失和投资效率的关系,并且比较了与社会最优条件下最优信息安全投资的差别。结果表明,正外部性条件下的信息安全投资变化规律与单一组织的情况相比存在一定相似之处,但负外部性下的信息安全投资改变较大,总体更加谨慎,并且攻击类型对于信息安全投资有着重要影响。

In order to study the impacts of externalities of information security investment, the Gordon-Loeb model was extended to a multi-organization game environment. The relationships of the optimal information security investment with vulnerability, potential loss and investment effectiveness when confronted with different attack types under the posi-tive and negative externalities were obtained respectively, and the difference with the optimal information security in-vestment under the social optimum condition was compared. The results show that there were some similarities in the varying pattern of information security investment between the condition of the positive externality and a single organi-zation, but information security investment under the negative externality changes greatly and was generally more cau-tious, and attack types also have important impacts on information security investment.