The model of financing of smart city cyber security with procedure of obtaining additional data for the defense
DOI:
https://doi.org/10.18372/2225-5036.25.13667Keywords:
cybersecurity, Smart City, game theory, financial strategy choice, obtaining additional information procedure, decision support systemAbstract
The article outlines the model for choosing cyber security financing strategies for Smart City with no complete information about the financial resources of the attacking party. The proposed model is the core of the decision-making support system development module in the task of selecting rational investment options in the protection of information and cyber security of Smart City. The model allows to find financial solutions with the help of the tools of the theory of multistage game with several terminal surfaces. The authors propose an approach that allows information security management to pre-evaluate strategies for financing Smart City cybersecurity systems. The model distinguished by the assumption, that the defense party does not have complete information about both the financial strategies of the attacking party and the state of its financial resources aimed at overcoming the cybersecurity boundaries of the object of informatization. Considering recent cybersecurity studies, it can be argued that the tactics and strategies of the attacking party can still be diverse and, accordingly, make it difficult for the defense the task of choosing a rational strategy for financing the appropriate cyber security tools. In this case, the defense can obtain additional information at the expense of the cost of part of its financial resources. This enables a defense party to secure a positive result for themselves in case it cannot obtain it without this procedure. The solution was found using a mathematical apparatus of a nonlinear multi-stage game with several terminal surfaces with successive turns. To test the adequacy of the model, a multivariate computing experiment was conducted. The results of this experiment are described in the article. Further development of the research aim to create a complete software product, for example, a decision support system for selecting a rational financial strategy by the defense, when investing in specific Smart City cybersecurity projects.References
C. Posey, T. Roberts, P. Lowry, B. Bennett, J. Courtney, Insiders’ protection of organizational information assets: Development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors, 2013.
C. Posey, T. Roberts, P. Lowry, R. High-tower, "Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders", Information & management, 51(5), pp. 551-567, 2014.
R. Taylor, E. Fritsch, J. Liederbach, Digital crime and digital terrorism. Prentice Hall Press, 2014.
L. Gordon, M. Loeb, L. Zhou, "Investing in cybersecurity: Insights from the Gordon-Loeb model", Journal of Information Security, 7(02), pp. 49, 2016.
B. Kelly, "Investing in a centralized cybersecurity infrastructure: Why hacktivism can and should influence cybersecurity reform", BUL Rev., 92, pp. 1663, 2012.
K. Goztepe, "Designing Fuzzy Rule Based Expert System for Cyber Security", International Journal of Information Security Science, Vol. 1, No. 1, pp. 13-19, 2012.
A. Fielder, E. Panaousis, P. Malacaria, "Deci-sion support approaches for cyber security investment", Decision Support Systems, Vol. 86, pp. 13-23, 2016.
V. Lakhno, "Development of a support sys-tem for managing the cyber security", Radio Electronics, Computer Science, Control, No. 2, pp. 109-116, 2017.
H. Cavusoglu, B. Mishra, S. Raghunathan, "A model for evaluating IT security investments", Communications of the ACM, Vol. 47, No. 7, pp. 87-92, 2004.
L. Gordon, M. Loeb, W. Lucyshyn, L. Zhou, "The impact of information sharing on cybersecurity underinvestment: a real options perspective", Journal of Accounting and Public Policy, 34(5), pp. 509-519, 2015.
A. Fielder, S. Konig, E. Panaousis, S. Schauer, S. Rass, S, Uncertainty in Cyber Security Investments, 2017. arXiv preprint arXiv:1712.05893.
B. Akhmetov, V. Lakhno, Y. Boiko, A. Mish-chenko, "Designing a decision support system for the weakly formalized problems in the provision of cybersecurity", Eastern-European Journal of Eenterprise Technologies, (1 (2)), pp. 4-15, 2017.
V. Lakhno, V. Malyukov N. Gerasymchuk, "Development of the decision making support system to control a procedure of financial investment", Eastern-European Journal of Enterprise Technologies, Vol. 6, No. 3, pp. 24-1, 2017.
M. Manshaei, Q. Zhu, T. Alpcan, "Game theory meets network security and privacy", ACM Computing Surveys, Vol. 45, No. 3, pp. 1-39, 2013.
V. Malyukov, "Discrete-approximation method for solving a bilinear differential game", Cybernetics and Systems Analysis, Vol. 29, No. 6, pp. 879-888, 1993.
A. Fielder, E. Panaousis, P. Malacaria, "Game theory meets information security management", IFIP International Information Security Conference, Marrakech, Morroco, 2–4 June 2014: proceedings, Berlin, Springer, pp. 15-29, 2014.
X. Gao, W. Zhong, S. Mei, "A game-theoretic analysis of information sharing and security investment for complementary firms", Journal of the Operational Research Society, Vol. 65, No. 11, pp.1682-1691, 2014.
R. Isaacs, "Differential games: a mathemati-cal theory with applications to warfare and pursuit, control and optimization", Courier Corporation, 1999.
B. Akhmetov, V. Lakhno, "System of deci-sion support in weakly-formalized problems of transport cybersecurity ensuring", Journal of Theoretical and Applied Information Technology, Vol. 96, No. 8, pp. 2184-2196, 2018.
V. Lakhno, "Developing of the cyber security system based on clustering and formation of control deviation signs", Journal of Theoretical & Applied Information Technology, Vol. 95, No. 21, pp. 5778-5786, 2017.
