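Abstract
In an interconnected network environment, the probability that a firm is breached by hackers depends jointly on the security level of its own information systems and on the security level of the network as a whole. By studying the equilibrium of individually optimal choices under a non-cooperative game between firms and the socially optimal investment choice under cooperation, we find that non-cooperating firms, when investing in information system security, ignore the marginal external costs or benefits to other firms. This negative externality causes firms' self-defense investment to fall below the socially optimal investment level, which impedes the maximization of social welfare. To address this under-investment under non-cooperation, an incentive mechanism for information system security investment is designed based on cyber insurance. The results show that an appropriate insurance deductible can internalize this negative externality to some extent, thereby improving firms' security levels and effectively raising social welfare.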
A firm's probability of incurring a loss (from being attacked) depends on both its own security level and the network security level. We fully characterize the equilibria of the noncooperative game, which give the individually optimal security choices, and we also derive the socially optimal choices. Comparing these two results, we find that interdependence causes a negative externality: firms ignore the marginal external costs or benefits conferred on others, which results in under-investment in self-defense relative to the socially efficient level. To solve this problem, we design cyber insurance as an incentive for information system security investment. The key result is that limiting insurance coverage through deductibles can partially internalize this externality and thereby improve individual and social welfare.
Source
Systems Engineering-Theory & Practice (《系统工程理论与实践》)
EI
CSSCI
CSCD
Peking University Core Journals (北大核心)
2015, Issue 4, pp. 1057-1062 (6 pages)
Funding
National Natural Science Foundation of China (71071033)
Keywords
insurance
information system security
self-defense investment
incentive
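About the authors
Gu Jianqiang (顾建强, b. 1979), male, from Taizhou, Jiangsu; PhD candidate; research interests: information system security investment strategy and risk management; E-mail: gujianqiang@126.com.
Mei Shu'e (梅姝娥, b. 1968), female, from Nantong, Jiangsu; doctoral supervisor, professor; research interests: economics of information security, e-commerce.
Zhong Weijun (仲伟俊, b. 1962), male, from Nantong, Jiangsu; doctoral supervisor, professor; research interests: information management and information systems.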