|Title:||When Information Improves Information Security|
|Authors:||Jens Grossklags, Benjamin Johnson, Nicolas Christin|
|Publication Date:||March 17, 2009|
We investigate a mixed economy of an individual rational expert and several naive near-sighted agents in the context of security decision making. Agents select between three canonical security actions to navigate the complex security risks of weakest-link, best shot and total effort interdependencies. We further study the impact of two information conditions on agents’ choices. We provide a detailed overview of a methodology to effectively determine and compare strategies and payoffs between the different regimes. To analyze the impact of the different information conditions we propose a new formalization. We define the price of uncertainty as the ratio of the expected payoff in the complete information environment over the payoff in the incomplete information environment.
Full Report: CMU-CyLab-09-004