Skip to main content

Technical Reports: CMU-CyLab-09-004

Title:When Information Improves Information Security
Authors:Jens Grossklags, Benjamin Johnson, Nicolas Christin
Publication Date:March 17, 2009


We investigate a mixed economy of an individual rational expert and several naive near-sighted agents in the context of security decision making. Agents select between three canonical security actions to navigate the complex security risks of weakest-link, best shot and total effort interdependencies. We further study the impact of two information conditions on agents’ choices. We provide a detailed overview of a methodology to effectively determine and compare strategies and payoffs between the different regimes. To analyze the impact of the different information conditions we propose a new formalization. We define the price of uncertainty as the ratio of the expected payoff in the complete information environment over the payoff in the incomplete information environment.

Full Report: CMU-CyLab-09-004