
Economics Analysis Of Information Security And Management Strategy

Posted on: 2008-01-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Wang
GTID: 1118360245497420
Subject: Management Science and Engineering

Abstract/Summary:
As IT and the Internet have developed, information security has extended into the political, economic, and social spheres of the nation. People have suffered growing losses from network attacks and information security incidents. For a long time, China has imported computer products and operating systems from foreign countries, and these contain many unknown vulnerabilities. Cryptography and security technology mechanisms alone have not solved the information security problem thoroughly; information security is not only a technology problem but also an economics, management, and operations problem. The main contents of the research are as follows.

1. Economic analysis of the information security problem from the perspectives of IT products, online enterprises, and public management. It is important to make information security decisions according to the results of economic analysis. Without vulnerabilities in products, information systems are immune to attacks. We examine software products with vulnerabilities and find that information asymmetry and a lack of demand for security are the main economic reasons that vulnerabilities are left in information products; vulnerabilities are the result of double adverse selection and insufficient demand. If the security technology is fixed, the organization's information security measures determine the security outcome. Each agent's information security investment is costly for third parties to observe and verify, which is the cause of double moral hazard. Information security on networks has become a critical factor of national security and should be studied as a public good provided by the government.

2. To avoid adverse selection in information system security, vulnerabilities are taken as a signaling metric. The metric of quality, which can be measured throughout the testing process, is the market price to find, demonstrate, and report a previously undetected defect in the system. A model of vulnerability market characteristics is constructed, with additional assumptions so that a Bayesian-Nash equilibrium analysis can be performed. We attempt to give a vulnerability auction market model and a patch management model so that vulnerabilities are eliminated.

3. Under conditions of double moral hazard, and considering the impact of competition on e-business firms' optimal investment in information security, a two-stage game-theoretic model is constructed that addresses the economic revenue from investment in added information security in a dual-oligopoly market. In the model, an e-business firm with a higher level of security is able to earn higher expected revenue, the expected revenue gains resulting from investments in security. The model yields the optimal security investment and price at equilibrium in the oligopoly market. Preemptive investment in security makes a firm the leader in e-business, so it is a very efficient tool for e-business firms to avoid moral hazard in information security investment decisions. An improved binary particle swarm optimization (PSO)-based approach is presented as a simple tool for organizations to support information security investment decision making.

4. To analyze quantitatively the optimal information security measures of online enterprises, a firm-level information security decision model is constructed. According to the model, information security measures increase with firm size. Many online small and medium-sized enterprises become major threats because they lack incentives to invest in security measures. When firms are attacked by independent threats, an enterprise can optimize the security measures it deploys; but when network attacks are contagious threats, enterprises will lose enormous profits despite the security measures deployed. The vulnerability of the whole network must therefore be considered in order to achieve socially optimal information security investment.

5. We propose a real option game model for the industrialization of national information security high-technology strategies, in which different uncertainties affect a research and development project's option value and the participants' entry threshold. Finally, some suggestions on government information security control are provided, and a security case experiment and numerical calculations are applied.
Keywords/Search Tags:Economics of Information Security, Information Security Management, Vulnerability Market, Patch Management, Real Options