Study On The Game Of Information Security Investment For Firms In The Environment Of Internet Of Things

With the continuous development of Internet of things (IoT) technologies, the application of IoT is becoming more and more widespread in production and life. The application of IoT can provide real-time monitoring and response, and improve the efficiency of resource utilization. Firms can integrate their business through the application of IoT to promote their profits and enhance enterprise competitiveness.Although IoT can bring enormous economic benefits for firms, it will also introduce some information security issues. The wireless communication and transmission technology used in the application of IoT makes it easier for hackers to intercept and manipulate the business data of a firm, which leads the information security issue to be more severe in IoT environment. Therefore, the enterprises adopting IoT technologies need to invest in information security to improve their information security level and cut down the loss resulting from information security events. In addition, the information security performance of wireless communication and transmission devices used in the application of IoT has a key influence on the product demand. The manufacturing enterprises of these wireless devices need to invest in information security performance of their products to promote the product sales. In order to improve the scientificity and reasonability of information security management, and avoid the blindness of information security investment for firms in IoT environment, this dissertation conducts an intensive study on the information security investment problem for firms in the environment of IoT.From the point of view of enterprises adopting IoT technologies and enterprises producing IoT devices, respectively, this dissertation investigates three kinds of information security problems systematically. First, we analyze the economy of a multiple-period IoT plan of traditional firms from the perspective of information security investment, and investigate the information security investment and business information sharing problem for two firms adopting IoT technologies in multiple periods. Then considering that the network structure of cooperative finns in IoT environment is complex, the information security investment problem for multiple firms adopting IoT technologies is studied. At last,we examine the information security investment and security information sharing problem for multiple firms who produce complimentary IoT devices. Three game models are built for the three problems, respectively. The equilibrium strategy in the non-cooperative game and the optimal strategy in the totally cooperative game are analyzed. Our research contents and contributions can be summarized as follows:(1) The information security investment and business information sharing problem for two firms in multiple periods is investigated. The business information sharing between, firms can bring benefits, whereas, it will also bring the risk of information leakage. Firms need to determine the appropriate level of information sharing. For the problem, that whether traditional firms need to deploy IoT technologies, the game models of information security investment and business information sharing for firms in traditional environment and IoT environment are built, respectively. The information security investment and information sharing strategies of traditional firms and IoT firms are both given in the non-cooperative case and in the totally cooperative case. In both cases, the strategies of traditional firms and IoT firms are compared to determine whether traditional firms should deploy IoT technologies. The impacts of decision period number and interdependence degree between firms on the strategies of IoT firms are analyzed. It can be found that with the increase of period number,when firms make decisions individually, the security investment may increase, or decrease, or even remain unchanged; when firms make decisions jointly, the security investment will increase with period number. When firms make decisions individually,the security investment will decrease with interdependence degree; while when firms make decisions jointly, the security investment will increase with interdependence degree. Through some numerical experiments, whether the N-period IoT plan is economical is analyzed. Based on the experiment results, some valuable properties are obtained. A collaborative decision-making mechanism is designed to encourage firms make the optimal decision.(2) Information security investment problem for multiple firms in networks with different topologies is studied. In consideration of the great number of firms in IoT environment, the complexity of network structure, and multiple-step propagation of security breaches, a game model of information security investment among n firms in a fully connected network is proposed. The Nash equilibrium investment (obtained when firms make decisions individually) and the optimal investment (obtained when firms make decisions jointly) are given. The impacts of network size and one-step propagation probability on firms' strategies are examined. It can be obtained that a larger network size or one-step propagation probability have a negative effect on a firm's Nash equilibrium investment, and an uncertain effect on the optimal investment,which depends on the concrete conditions. A compensation mechanism is proposed to encourage firms to coordinate their strategies and invest the optimal amount when they make decisions individually. In order to verify the effect of network topology on a firm's strategy and profit, our model is extended to ring network structure. It can be found that a higher connection density of the network will result in a greater expected cost for each firm.(3) Information security investment and security information sharing problem for multiple complimentary firms is studied. The security performance of IoT devices such as RFID (radio frequency identification devices) and wireless sensors has a significant influence on the product demand. Besides, these products are complementary for a specific IoT application. For the problem of information security investment and security information sharing for multiple complementary firms producing IoT devices, a differential game model is proposed. Firms' strategies in both the non-cooperative case and the totally cooperative case are investigated. Under certain conditions, a unique steady state can be obtained for both cases. The research result indicates that the steady state security investment is not always less in the non-cooperative case than that in the totally cooperative case. The impacts of the complementarity degree and industry size on firms' steady state strategies for both cases are analyzed. Some numerical experiments are conducted to obtain some insights related to the instantaneous profit in the steady state. It can be found that a firm will obtain more instantaneous profit in the steady state of the totally cooperative case than that of the non-cooperative case,which emphasizes the importance of coordinating strategies. The experiment result also indicates that the effect of the complementarity degree on instantaneous profits in the steady state is negative, and the impact of industry size on the instantaneous profits in the steady state is related to the complementarity degree.Through theoretical proof and numerical experiment, this dissertation investigates the game of information security investment for firms in the environment of IoT.Three new game models are built and some novel research results are obtained. This study provides some decision references for the information security investment of firms in IoT environment, and has important theoretical and practical significance.