Skip navigation
Full metadata record
DC FieldValueLanguage
dc.contributor.authorGhose, Anindya-
dc.contributor.authorHausken, Kjell-
dc.date.accessioned2006-11-14T18:38:49Z-
dc.date.available2006-11-14T18:38:49Z-
dc.date.issued2006-08-24-
dc.identifier.urihttp://hdl.handle.net/2451/14810-
dc.description.abstractOne firm invests in security to defend against cyber attacks by two hackers. Each hacker chooses an optimal attack, and they share information with each other about the firm's vulnerabilities. Each hacker prefers to receive information, but delivering gives competitive advantage to the other hacker. We find that each hacker's attack and information sharing are strategic complements while one hacker's attack and the other hacker's information sharing are strategic substitutes. The attack is inverse U-shaped in the firm's unit defense cost, and reaches zero, while the firm's defense and profit decrease, and the hackers' information sharing and profit increase. The firm's profit increases in the hackers' unit cost of attack, while the hackers' information sharing and profit decrease. Our analysis also reveals the interesting result that the cumulative attack level of the hackers is not affected by the effectiveness of information sharing between them and moreover, is also unaffected by the intensity of joint information sharing. We also find that as the effectiveness of information sharing between hackers increases relative to the investment in attack, the firm's investment in cyber security defense and profit are constant, the hackers' investments in attacks decrease, and information sharing levels and hacker profits increase. In contrast, as the intensity of joint information sharing increases, while the firm's investment in cyber security defense and profit remain constant, the hackers' investments in attacks increase, and the hackers' information sharing levels and profits decrease. Increasing the firm's asset causes all the variables to increase linearly, except information sharing which is constant. We extend our analysis to endogenize the firm's asset and this analysis largely confirms the preceding analysis with a fixed asset.en
dc.format.extent313276 bytes-
dc.format.mimetypeapplication/pdf-
dc.languageEnglishEN
dc.language.isoen
dc.publisherStern School of Business, New York Universityen
dc.relation.ispartofseriesCeDER-06-10en
dc.subjectCyber waren
dc.subjecthackingen
dc.subjectattacken
dc.subjectdefenseen
dc.subjectconflicten
dc.subjectcontest success functionen
dc.subjectsecurity investmenten
dc.subjectinformation sharingen
dc.subjectsecurity breachesen
dc.titleA Strategic Analysis of Information Sharing Among Cyber Attackersen
dc.typeWorking Paperen
dc.description.seriesInformation Systems Working Papers SeriesEN
Appears in Collections:IOMS: Information Systems Working Papers
CeDER Working Papers

Files in This Item:
File Description SizeFormat 
CEDER-06-10.pdf305.93 kBAdobe PDFView/Open


Items in FDA are protected by copyright, with all rights reserved, unless otherwise indicated.