In order to solve the problem of how a firm makesan optimal choice in developing information systems whenfaced with the foUowing three modes: development by its ownefforts, outsourcing them to a managed security serv...In order to solve the problem of how a firm makesan optimal choice in developing information systems whenfaced with the foUowing three modes: development by its ownefforts, outsourcing them to a managed security serviceprovider (MSSP) and cooperating with the MSSP, the firm'soptimal investment strategies are discussed by modeling andanalyzing the maximum expected utility in the above casesunder the condition that the firm plays games with an attacker.The results show that the best choice for a form is determinedby the reasonable range of the cooperative developmentcoefficient and applicable conditiovs. When the cooperativedevelopment coefficient is large, it is more rational for thefirm to cooperate with the MSSP to develop the informationsystem. When the cooperative development coefficient issmall, it is more rational for the firm to develop theinformation system by its own efforts. It also shows that theattacker's maximum expected utility increases with the increasein the attacker's breach probability and cost coefficient whenthe cooperative development coefficient is small. On thecontrary, it decreases when the cooperative developmentcoefficient is large.展开更多
基金The National Natural Science Foundation of China(No.71371050)
文摘In order to solve the problem of how a firm makesan optimal choice in developing information systems whenfaced with the foUowing three modes: development by its ownefforts, outsourcing them to a managed security serviceprovider (MSSP) and cooperating with the MSSP, the firm'soptimal investment strategies are discussed by modeling andanalyzing the maximum expected utility in the above casesunder the condition that the firm plays games with an attacker.The results show that the best choice for a form is determinedby the reasonable range of the cooperative developmentcoefficient and applicable conditiovs. When the cooperativedevelopment coefficient is large, it is more rational for thefirm to cooperate with the MSSP to develop the informationsystem. When the cooperative development coefficient issmall, it is more rational for the firm to develop theinformation system by its own efforts. It also shows that theattacker's maximum expected utility increases with the increasein the attacker's breach probability and cost coefficient whenthe cooperative development coefficient is small. On thecontrary, it decreases when the cooperative developmentcoefficient is large.