论文部分内容阅读
为解决企业面对自主研发、把信息安全完全外包给安全服务外包提供商MSSP和企业与MSSP合作共同开发3种模式下如何作出最优选择问题,在考虑企业与黑客博弈的情况下,通过对企业期望效用的建模与分析对企业在3种情况下的最优安全投资策略进行了讨论.结论表明,企业的最优选择取决于合作开发系数的取值范围及其适用条件.当合作开发系数较高时,企业与MSSP合作开发更为理性;当合作开发系数较低时,企业选择自主研发更为理性.当企业与MSSP的合作开发系数较小时,黑客的最大期望效用随着入侵概率与成本系数的增大而增大,而在当企业与MSSP的合作开发系数较大时则相反.
In order to solve the problem that enterprises face independent research and development, information security is completely outsourced to security service outsourcing providers MSSP and enterprises and MSSP to jointly develop the optimal selection under the three modes. By considering the game between enterprises and hackers, The modeling and analysis of the expected utility of the enterprise discussed the optimal security investment strategy of the enterprise under the three conditions.The conclusions show that the optimal choice of the enterprise depends on the scope of the value of the cooperative development coefficient and its applicable conditions.When the cooperative development When the coefficient is high, the cooperation between the enterprise and the MSSP is more rational, and when the cooperation and development coefficient is lower, the enterprise chooses to develop more rationally.When the cooperative development coefficient between the enterprise and the MSSP is small, the maximum expected utility of the hacker increases with the probability of intrusion And the cost factor increases, but the opposite is true when the co-operative development coefficient between the enterprise and the MSSP is large.