Information Security Investment Decision-Making In The Supply Chain With Security Interdependence

Posted on: 2022-09-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Xu
Full Text: PDF
GTID: 1528306344498554
Subject: Management Science and Engineering

Abstract/Summary:
As the new generation of information and communication technology becomes deeply integrated with the industrial economy, the efficient operation of supply chains increasingly depends on system integration and real-time information interaction, and the information security problem in supply chains is becoming increasingly prominent. In order to reduce the economic and reputational loss caused by information security leakage, firms increase their investment in information security hardware and software year by year. How to maximize the security level with a limited security budget has become an important issue for risk managers. However, the information security level of a supply chain node depends not only on its own security investment but also on the security environment and the security level of related nodes. There are considerable business relations and frequent information exchanges among supply chain nodes, so the information security of their systems is interdependent in case of a security breach. Once an information breach occurs in any link of a supply chain, it may lead to disorder in the whole supply chain system. In addition, there is competition between nodes in the supply chain. If a node leaks information, its business may flow to competing nodes, and the leakage loss will increase. Therefore, when making information security investment decisions, supply chain nodes should not only consider external attack characteristics, system security characteristics, total security budget, system security requirements and other factors from the perspective of their own defense, but also cannot ignore the security risk relationship with each supply chain member, especially the interdependence of information security. Based on the security interdependence between internal and external supply chain nodes, and considering budget constraints, security environment characteristics and competitive externalities, this paper explores the information security investment strategy and risk management of internal and external nodes. The findings of this study help draw attention to security interdependence in supply chains and provide theoretical guidance for firms in making proper investment strategies and proposing coordination mechanisms.

Firstly, this paper explores the optimal allocation of security investment, and its influencing factors, among nodes in an internal supply chain with budget constraints. The internal supply chain nodes, consisting of a management center and business branches, are closely linked, and the security of their systems is interdependent. How to allocate the limited security investment budget has become an important issue for firms. At present, research on information security investment mainly focuses on the portfolio optimization of specific security technologies and seldom concentrates on the redistribution of security investment within a firm. Considering the differences in nodes' information sets and system interconnection, this paper proposes a model for the optimal allocation of information security investment among the internal nodes with budget constraints. From the theoretical and numerical perspectives, we analyze the optimal security allocation strategy and its sensitivity to internal and external factors, and compare the cases with and without a security information sharing mechanism. The results show that when the total budget is small and the intrinsic vulnerability of the system is high, the firm will give priority to protecting the information security of the management center. The optimal security investment allocated to each branch will increase with the total budget, the degree of system interconnection and the proportion of the information set, but it will never exceed 1/(n+1) of the total security budget. The numerical simulation results verify that security information sharing between the management center and the business branches plays an important role in increasing the security investments of the whole internal supply chain.

Secondly, we study the optimal information security investments and risk coordination mechanisms between retailer and supplier. Security interdependence is a huge challenge for the upstream and downstream firms in the supply chain. A security breach suffered by one node may endanger the whole supply chain network. Prior studies on security interdependence mainly focus on symmetric or similar organizations and rarely involve the supply chain environment. This paper constructs a security investment decision-making game model in a two-level supply chain. Initially, the optimal security investment strategies of retailer and suppliers in the case of single-stage security interdependence are studied, and their responses to relevant security characteristics are analyzed. Then, in order to reduce the negative consequences of security externalities, three coordination mechanisms are proposed, and their effects are compared and verified. Finally, the case with two-stage security interdependence is compared with the case with single-stage security interdependence. The results show that there are serious prisoner's dilemma and free-riding phenomena among firms in the supply chain. Compared with security information sharing, the joint decision-making and security compensation mechanisms perform better in increasing security investment and reducing expected cost, both for a single firm and for the whole supply chain. In the case with two-stage security interdependence, firms are more willing to invest funds in information security.

Thirdly, this paper studies the influence of competitive externalities on the information security investments of upstream and downstream firms. In addition to security interdependence with partners, supply chain nodes may also be affected by the competitive environment. At present, few studies take the competition of supply chain nodes into account in information security. Considering both the two kinds of security interdependence and competitive externalities, this study constructs a game model of information security investment in a supply chain with competitive suppliers. Firstly, this study analyzes the optimal security investments of supplier and retailer in the supply chain, as well as the effects on the optimal security investments of system factors and of competitive factors such as the number of competitors and the degree of competition. Secondly, the security investments and costs of firms whose systems interconnect with each other are compared with the case in which their systems are independent and information is shared. Finally, the decentralized case is compared with the centralized case. The main findings are as follows. There are imitation effects in the security investment decisions of retailer and supplier: they will increase or decrease security investment at the same time. Appropriate competition can encourage firms to increase security investment. When the number of competing firms and the demand for information interaction are both small, system interconnection can stimulate firms to invest in information security. Otherwise, information sharing between independent systems can make firms invest more in information security. Compared with decentralized decision-making, under centralized decision-making of the supply chain firms are willing to invest more security funds and obtain lower security costs.
Keywords/Search Tags: Supply Chains, Information Security Investment, Security Interdependence, Investment Allocation, Coordination Mechanism, Competitive Externality