
Research On Game Analysis Of Information Security Investment In Organizations

Posted on: 2009-03-12
Degree: Doctor
Type: Dissertation
Country: China
Candidate: W Sun
GTID: 1118360272470737
Subject: Management Science and Engineering

Abstract/Summary:
Information security is an urgent problem for organizations of all kinds around the world. It is not only a field of technical research but also a systems engineering effort that spans technology, management and law. The information security investment problem belongs to the management side of this field. Its distinguishing characteristic is strategy interdependence, which is also the basic characteristic of game theory. This doctoral dissertation studies the information security problem on the basis of game theory and provides organizations with new methods for solving it.

The dissertation first analyzes the information security investment decision problem of organizations with a finite strategy game, then analyzes the investment quantity of information security with an infinite strategy game. In addition, in view of bounded rationality and the need to predict the long-term stable trend, it studies information security investment under the defenders game and the attacker-defender game using evolutionary game theory. The main works are as follows:

1. A finite strategy game analysis method for the information security investment decision of organizations is proposed, providing decision support for correct information security investment. The information security investment decision game model is built on a payoff matrix and contains all the value benefits of information security investment, including the direct value benefits of preventing information security disasters and indirect value benefits such as improved brand value and organizational reputation. For the information security investment decision game model between two organizations, a comparison of the pure-strategy and mixed-strategy Nash Equilibria shows that the two analyses are consistent. In addition, when the information security investment cost is relatively high, introducing a penalty parameter can achieve the ideal Nash Equilibrium again. An example illustrates the information security investment game of two organizations. For the information security investment game model among organizations, the factors influencing the cost threshold are discussed, and two propositions on information security investment are put forward. The necessary conditions for reaching investment equilibrium are derived, and a simulation analysis is carried out.

2. An infinite strategy game analysis method for the information security investment quantity of organizations is proposed, providing a scientific reference for the proper investment quantity of information security. Insufficient investment in information security cannot ensure enough security, while excessive investment is wasteful, so it is necessary to analyze the proper investment quantity of information security. The information security investment quantity game model is set up based on strategy independence, and the relation parameter in the model reflects the game relation between the two organizations. For different values of the relation parameter, equilibrium analysis is carried out using the reaction function method. In particular, for the attack-defence game, a proposition on the correlation between the defender's equilibrium cost and the relation parameter is established and verified by simulation. An example illustrates the investment quantity game analysis.

3. Evolutionary game analysis methods for information security investment under the defenders game and the attacker-defender game are proposed; they solve the hard problem of the bounded rationality of information security investment subjects and predict the long-term stable trend of information security investment. In view of the bounded rationality of information security investment subjects in the real world and the need to predict the long-term stable trend of information security investment, evolutionary game studies of information security investment under the defenders game and the attacker-defender game are carried out in order to strengthen the realistic basis of the information security investment game. In the evolutionary game analysis of information security investment under the defenders game, the Evolutionary Stable Strategy is analyzed by Replicator Dynamics, based on the evolutionary game model of information security investment. A REPAST simulation on the multi-agent platform verifies the Evolutionary Stable Strategy. For the evolutionary game of information security investment under the attacker-defender game, the attacker-defender game model of information security is set up, and the Replicator Dynamics and Evolutionary Stable Strategy are analyzed. The law and long-term stable trend of attack and defence are studied based on the relation between the Replicator Dynamics of the attacker population and the Replicator Dynamics of the defender population. The research results explain the cycle of attack and defence in information security and put forward strategy suggestions for settling the information security problem.

This doctoral dissertation studies the information security problem of organizations from the new angle of game theory, explores the hard problem of information security investment, and achieves some innovative research results. It has important theoretical significance for this new research field, and important practical significance for reducing the blindness of investment and directing information security investment scientifically.
Keywords/Search Tags:Information Security Investment, Game, Equilibrium, Strategy