When Information Improves Information Security (CMU-CyLab-09-004)
journal contributionposted on 17.03.2009 by Jens Grossklags, Benjamin Johnson, Nicolas Christin
Any type of content formally published in an academic journal, usually following a peer-review process.
We investigate a mixed economy of an individual rational expert and several na¨ıve near-sighted agents in the context of security decision making. Agents select between three canonical security actions to navigate the complex security risks of weakest-link, best shot and total effort interdependencies. We further study the impact of two information conditions on agents’ choices. We provide a detailed overview of a methodology to effectively determine and compare strategies and payoffs between the different regimes. To analyze the impact of the different information conditions we propose a new formalization. We define the price of uncertainty as the ratio of the expected payoff in the complete information environment over the payoff in the incomplete information environment.