Incentive Games and Mechanisms for Risk Management

Incentives play an important role in (security and IT) risk management of a large-scale organization with multiple autonomous divisions. This paper presents an incentive mechanism design framework for risk management based on a game-theoretic approach. The risk manager acts as a mechanism designer providing rules and incentive factors such as assistance or subsidies to divisions or units, which are modeled as selfish players of a strategic (noncooperative) game. Based on this model, incentive mechanisms with various objectives are developed that satisfy efficiency, preference-compatibility, and strategy-proofness criteria. In addition, iterative and distributed algorithms are presented, which can be implemented under information limitations such as the risk manager not knowing the individual units' preferences. An example scenario illustrates the framework and results numerically. The incentive mechanism design approach presented is useful not only for deriving guidelines but also for developing computer-assistance systems for large-scale risk management.
