Coalitional Game Theory for Security Risk Management

Quantitative models for security risk management in organizations have recently received increased attention in the research community. This paper investigates the possibility of cooperation among autonomous divisions of an organization with dependent security assets and/or vulnerabilities for reducing overall security risks. A coalitional game is formulated for modeling cooperation possibilities among these divisions based on both their positive (synergies) and negative (vulnerabilities) interdependencies. The proposed game constitutes a framework for investigating how an organization can maximize its total utility through cooperation among its different divisions. The introduced utility accounts for the gains from cooperation, in terms of improved synergy among the divisions, and for the costs of cooperation, which reflect the friction among the divisions (e.g., due to social and human factors) as well as the difficulty of managing large divisions. Using the proposed game model, the illustrative cases of two-coalition cooperation and two-division cooperation, as well as a practical scenario using an ideal cooperation protocol, are analyzed.
