file.pdf (449.38 kB)
When Information Improves Information Security (CMU-CyLab-09-004)
journal contributionposted on 2009-03-17, 00:00 authored by Jens Grossklags, Benjamin JohnsonBenjamin Johnson, Nicolas ChristinNicolas Christin
We investigate a mixed economy of an individual rational expert and several na¨ıve near-sighted agents in the context of security decision making. Agents select between three canonical security actions to navigate the complex security risks of weakest-link, best shot and total effort interdependencies. We further study the impact of two information conditions on agents’ choices. We provide a detailed overview of a methodology to effectively determine and compare strategies and payoffs between the different regimes. To analyze the impact of the different information conditions we propose a new formalization. We define the price of uncertainty as the ratio of the expected payoff in the complete information environment over the payoff in the incomplete information environment.