Research Magazine 2019

Decision-support model for cybersecurity risk planning: a two-stage stochastic programming framework featuring firms, government, and attacker

Jomon A. Paul and Minjiao Zhang

Coles Working Paper Series, SPRING19-02, March 2019

Overview

We study the decision-making problem in cybersecurity risk planning concerning resource allocation strategies by the government towards intelligence and firms’ investments in detection and containment safeguards. Aiming to minimize the social costs incurred due to cyberattacks, we consider both the initial monetary expenditure and the deprivation costs due to delayed detection and containment. We also consider the effect of positive externalities of the overall cybersecurity investment on an individual firm’s resource allocation attitude. The optimal decision derived will guide firms in determining their countermeasure portfolio mix (detection vs. prevention vs. containment) and government intelligence investments while accounting for budgetary limitations and the possible actions of a strategic attacker. In our two-stage stochastic programming model, first, firms decide on prevention and detection investments, including investments in government intelligence that improve detection effectiveness. In the second stage, once attacker actions are realized, firms evaluate their impact and decide on containment investments. We use a case study to demonstrate the applicability of our model. We find that externality can reduce government’s intelligence investment and that the firms’ detection investment receives priority over containment. We also note that while prevention effectiveness has a decreasing impact on intelligence, intelligence effectiveness has an increasing impact on intelligence.
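The two-stage structure described above (here-and-now prevention, detection and intelligence spending; containment chosen only after the attacker's action is observed) can be made concrete with a small scenario-based recourse model. The code below is an added illustration, not the authors' model or case study: every parameter (investment levels, unit costs, budget, the three attacker scenarios, and the cost functions that link detection delay to deprivation cost) is a constructed assumption, the multi-firm externality and the government's own decision are not modeled, and the first stage is solved by exhaustive enumeration rather than a stochastic programming solver.

```python
from itertools import product

# --- Constructed parameters: assumptions for this illustration, not values from the paper ---
LEVELS = (0, 1, 2, 3)                                   # discrete investment levels per safeguard
UNIT_COST = {"prevention": 10.0, "detection": 8.0, "intelligence": 6.0}
CONTAINMENT_UNIT_COST = 5.0                             # per containment level, paid in stage two
BUDGET = 40.0                                           # first-stage spending cap
# Attacker scenarios: (probability, loss per day while the attack goes undetected)
SCENARIOS = ((0.5, 0.0), (0.3, 40.0), (0.2, 100.0))
BASE_DELAY = 10.0        # days to detect an attack with no detection investment
INTEL_EFFECT = 0.5       # one intelligence unit shortens delay like half a detection unit
PREVENT_EFFECT = 0.5     # prevention scales attack severity by 1 / (1 + 0.5 * p)
RESIDUAL_DAYS = 20.0     # loss-days that remain after detection, cut by containment


def first_stage_cost(p, d, i):
    """Here-and-now spend on prevention, detection and intelligence levels."""
    return (p * UNIT_COST["prevention"] + d * UNIT_COST["detection"]
            + i * UNIT_COST["intelligence"])


def scenario_cost(p, d, i, severity, c):
    """Stage-two cost of one attacker scenario given containment level c.

    Deprivation cost grows with the detection delay; residual loss after
    detection shrinks with containment.
    """
    eff_severity = severity / (1 + PREVENT_EFFECT * p)
    delay = BASE_DELAY / (1 + d + INTEL_EFFECT * i)
    deprivation = eff_severity * delay
    residual = eff_severity * RESIDUAL_DAYS / (1 + c)
    return c * CONTAINMENT_UNIT_COST + deprivation + residual


def best_containment(p, d, i, severity):
    """Recourse decision: containment level chosen after the attack is observed."""
    return min(LEVELS, key=lambda c: scenario_cost(p, d, i, severity, c))


def expected_total_cost(p, d, i):
    """First-stage spend plus probability-weighted optimal recourse cost."""
    recourse = sum(prob * scenario_cost(p, d, i, sev, best_containment(p, d, i, sev))
                   for prob, sev in SCENARIOS)
    return first_stage_cost(p, d, i) + recourse


def solve():
    """Enumerate every first-stage plan within budget; return (expected cost, (p, d, i))."""
    feasible = [plan for plan in product(LEVELS, repeat=3)
                if first_stage_cost(*plan) <= BUDGET]
    best = min(feasible, key=lambda plan: expected_total_cost(*plan))
    return expected_total_cost(*best), best


if __name__ == "__main__":
    cost, (p, d, i) = solve()
    print(f"prevention={p} detection={d} intelligence={i} expected cost={cost:.1f}")
    for prob, sev in SCENARIOS:
        level = best_containment(p, d, i, sev)
        print(f"  scenario loss/day={sev:5.1f} -> containment level {level}")
```

The point of the structure is that `best_containment` is evaluated separately per scenario (it may see the attack before spending), while `solve` must commit to one prevention/detection/intelligence plan before knowing which scenario occurs; the budget constraint is what forces the trade-off between the three safeguards that the paper studies.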

30 | Working Papers
