Wei Sun,Xiangwei Kong,Dequan He,Xingang You

DOI: https://doi.org/10.1109/ISECS.2008.147

2008-01-01

Abstract:The purpose of this paper is to resolve information security problem in the mobile electronic commerce industry chain. We analyze information security based on evolutionary game theory. In this paper, we set up the information security game model with penalty parameter, calculate replicator dynamics, and analyze the evolutionary stable strategy of the game model. The result reveals that reducing the investment cost is the key factor to promote information security investment. If this condition can not be satisfied, the regulation of penalty parameter will help to promote the investment. The research method in this paper provides a new thought for the solution of information security in the mobile electronic commerce chain.

Wai Peng Wong,Hwee Chin Tan,Kim Hua Tan,Ming-Lang Tseng

DOI: https://doi.org/10.1108/imds-12-2018-0546

2019-07-08

Abstract:Purpose The purpose of this paper is to explore the human factors triggering information leakage and investigate how companies mitigate insider threat for information sharing integrity. Design/methodology/approach The methodology employed is multiple case studies approach with in-depth interviews with five multinational enterprises (MNEs)/multinational corporations (MNCs). Findings The findings reveal that information leakage can be approached with human governance mechanism such as organizational ethical climate and information security culture. Besides, higher frequency of leakages negatively affects information sharing integrity. Moreover, this paper also contributes to a research framework which could be a guide to overcome information leakage issue in information sharing. Research limitations/implications The current study involved MNCs/MNEs operating in Malaysia, while companies in other countries may have different ethical climate and information sharing culture. Thus, for future research, it will be good to replicate the study in a larger geographic region to verify the findings and insights of this research. Practical implications This research contributes to the industry and business that are striving toward solving the mounting problem of information leakage by raising awareness of human factors and to take appropriate mitigating governance strategies to pre-empt information leakage. This paper also contributes to a novel theoretical model that characterizes the iniquities of humans in sharing information, and suggests measures which could be a guide to avert disruptive leakages. Originality/value This paper is likely an unprecedented research in molding human governance in the domain of information sharing and its Achilles’ heel which is information leakage.

computer science, interdisciplinary applications,engineering, industrial

Weihui Dai,Qi Zhu,Chunshi Wang,Yujiao Zeng

DOI: https://doi.org/10.4304/jcp.7.2.317-324

2012-01-01

Journal of Computers

Abstract:I nformation system has become the indispensable support platform required by daily operations in modern enterprises. IC manufacturing industry is the most important base of advanced information products . Its rich knowledge innovation, complex production process , and high degree of cooperation require particular risk management on i nformation security. On the basis of referencing to latest information security management standards, PDCA risk management and best practices, this paper propose d an dynamic risk management model for the information security management in IC manufacturing industry. A fter an in-depth analysis of the actual current situation of IC manufacturing in China , that model has been successfully applied to guide the information security management practices in IC manufacturing compan ies, and offers a comprehensive and practical solution .

杨庆,黄丽华

DOI: https://doi.org/10.3969/j.issn.1003-5060.2003.z1.049

2003-01-01

Abstract:On the basis of the model of business risk,the concepts related to the risk of information technology(IT), the characteristics of the IT risk, and the impacts of such risk on the enterprises which have a high degree of dependence on information are analyzed. Then different managerial models are presented corresponding to the different phases of the IT risk management, and some critical successful factors(CSFs) in implementing the management are also listed. Finally, some suggestions are put forward to Chinese enterprises which are carrying on informatization.

Kim Hua Tan,W. P. Wong,Leanne Chung

DOI: https://doi.org/10.1007/s10796-015-9553-6

2015-04-17

Information Systems Frontiers

Abstract:The current world of post industrial value generation sees companies increasingly analyzing their internal operations against their external organizations to identify supply/demand fluctuations along the supply chain. Within these integrated relationships between internal and external parties in the supply chain, knowledge and information have become very important production resources. The existence and success of an increasing number of organizations strongly depend on their capabilities to utilize knowledge and information for profit generation. By managing more efficient information sharing, the volume of company confidential information passing through the supply chain increases, and this brings about more incidences of knowledge leakage and information leakage. A survey by PricewaterhouseCoopers in 2014 shows information security spending over the next 12 months would increase 60.27 % in Asia and 48.98 % in all regions. This emphasizes the importance of information privacy and therefore the necessity to study the information and knowledge leakage in integrated supply chain. The objectives of this study are to investigate the factors triggering information and knowledge leakage and create a mitigation framework to soften the impact of leakages on performance. The above objectives will be met by formulating and examining several hypotheses of a conceptualized information leakage (IL) and knowledge leakage (KL) framework. A case study derived from a structured interview is adopted as a methodology in this research. As a result, this paper contributes a novel theoretical model that characterizes information and knowledge leakage in an integrated supply chain. Therefore, it also adds new knowledge of managing information and knowledge leakage to supply chain management.

computer science, information systems, theory & methods

Xiao-yan Deng

DOI: https://doi.org/10.1142/s0129156425400191

2024-09-25

International Journal of High Speed Electronics and Systems

Abstract:International Journal of High Speed Electronics and Systems, Ahead of Print. In the contemporary global economic landscape, the imperative for enterprise financial informatization as a catalyst for efficiency, cost reduction, and innovation is evident. However, the deepening integration of informatization introduces corresponding risks, necessitating the establishment of effective risk management systems. This paper proposes a genetic algorithm-based model for enterprise financial informatization risk management, aiming to offer precise and actionable solutions. The study integrates genetic algorithms to enhance the adaptability and flexibility of the risk management model in the dynamic information environment. Through in-depth research on corporate financial informatization risks, a multi-dimensional risk management control model is constructed, considering technical, organizational, and environmental factors. The genetic algorithm introduces a new perspective for model optimization, enabling efficient search and optimization capabilities. The model not only identifies but also controls and governs risks, providing timely intervention and effective risk management. Moreover, the genetic algorithm facilitates intelligent decision support for risk management by adapting to changing environments. Empirical analysis validates the model's feasibility and effectiveness in real enterprise cases, emphasizing its practicality.

Xinlin Cao,Yong Zeng

DOI: https://doi.org/10.1115/detc2011-48278

2011-01-01

Abstract:Intellectual Property (IP) leakage during collaborative product development is drawing more and more attentions nowadays. Unlike most of existing research, which is focused on the effect of IP leakage on the supply chain’s material and information flows, we propose a reverse design based conceptual model of information leakage during collaborative product development environments. In addition, a generic extensible framework is proposed to detect and estimate the IP leakage due to reverse design. Specifically, we propose an inference model to obtain inferred knowledge based on public knowledge and shared knowledge. We also present an algorithm to detect potential IP leakage due to reverse design in collaborative product development environments when potential competition may exist between a product partner and the manufacturer. An industrial example is used to demonstrate the problem and our proposed approach.

Zhi-tao Du,Xin-zhou Xie

DOI: https://doi.org/10.1109/isme.2010.254

2010-01-01

Abstract:Information sharing is the base of enhancing management performance of supply chain, though it makes enterprise facing all kinds of risks, such as cost increasing, relation entangled and disclosing the secrets etc.. This article indicated that information sharing is limited in supply chain, and the investment on its establishment is boundary based on a game model. The author also indicated that enterprises must control the information sharing from the following aspects, such as the extent, content and range etc.. Only do this, can enterprises obtain the maximum benefits from information sharing. In the light of the thoughts, the authors then constructed an integrated frame of information sharing. In this frame, enterprises must consider about the needs of strategic development and economic cost restraint comprehensively to ensure the extent, content and range of information sharing, and then realize the information sharing from technical level. So that the establishment of information sharing becomes a coordinated planning and orderly interact system engineering from the levels of strategy, tactics and technology.

Sung-Hwan Kim,Nam-Uk Kim,Tai-Myoung Chung

DOI: https://doi.org/10.1108/k-05-2014-0106

IF: 2.352

2015-01-12

Kybernetes

Abstract:Purpose – The purpose of this paper is to provide a model for quantitatively analyzing the security profile of an organization’s IT environment. The model considers the security risks associated with stored data, as well as services and devices that can act as channels for data leakages. The authors propose a sensitive information (SI) leakage vulnerability model. Design/methodology/approach – Factors identified as having an impact on the security profile are identified, and scores are assigned based on detailed criteria. These scores are utilized by mathematical models that produce a vulnerability index, which indicates the overall security vulnerability of the organization. In this chapter, the authors verify the model result extracted from SI leakage vulnerability weak index by applying the proposed model to an actual incident that occurred in South Korea in January 2014. Findings – The paper provides vulnerability result and vulnerability index. They are depends on SI state in information systems. Originality/value – The authors identify and define four core variables related to SI leakage: SI, security policy, and leakage channel and value of SI. The authors simplify the SI leakage problem. The authors propose a SI leakage vulnerability model.

computer science, cybernetics

Justin Z. ZhangLakshmi GoelSteven Williamsona Department of Management,Coggin College of Business,University of North Florida,Jacksonville,FL,USAb School of Business Administration,Al Akhawayn University,Ifrane,Morocco

DOI: https://doi.org/10.1080/17517575.2024.2310844

2024-02-01

Enterprise Information Systems

Abstract:This research employs an analytical modelling approach, complemented by empirical analysis, to delve into enterprise cybersecurity information sharing strategies. Utilising a thorough cost-based analysis, we scrutinise the cybersecurity costs and security levels within enterprises, leading to the identification of three core cybersecurity strategies – risk acceptance, risk balance, and risk reduction. Additionally, we delineate four distinct information-sharing strategies: selective, balanced, extensive, and futile sharing. Supported by empirical evidence gathered from a cybersecurity forum, this investigation not only enriches scholarly discussions but also provides valuable insights. Its academic significance is accentuated by offering nuanced guidance for practitioners, facilitating the implementation of effective cybersecurity information-sharing practices.

computer science, information systems

Suguo Du,Xiaolong Li,Jinli Zhong,Lu Zhou,Minhui Xue,Haojin Zhu,Limin Sun

DOI: https://doi.org/10.1109/access.2018.2818116

IF: 3.9

2018-01-01

IEEE Access

Abstract:The current culture that encourages online dating, and interaction makes large-scale social network users vulnerable to miscellaneous personal identifiable information leakage. To this end, we take a first step toward modeling privacy leakages in large-scale social networks from both technical and economic perspectives.From a technical perspective, we use Markov chain to propose a dynamic attack-defense tree-based model, which is temporal-aware, to characterize an attack effort made by an attacker and a corresponding countermeasure responded by a social network security defender. From an economic perspective, we use static game theory to analyze the ultimate strategies taken by the attacker and the defender, where both rational participants tend to maximize their utilities, with respect to their attack/defense costs. To validate the proposed approach, we perform extensive experimental evaluations on three realworld data sets, triggered by the survey of over 300 volunteers involved, which illuminates the privacy risk management of contemporary social network service providers.

Qing Li,Yan Li,Tianlongyi Yuan,Dawei Chen

DOI: https://doi.org/10.1007/s10726-023-09839-9

IF: 2.928

2023-06-28

Group Decision and Negotiation

Abstract:The network information security regulation of information and communication technology (ICT) product supply chain is an important issue for governments globally. The whole life cycle of ICT supply chain is a complex process, comprising the design and development stage, outsourcing integration stage and service operation and maintenance stage. Each of these stages may be maliciously attacked, leading to network information security crisis. Therefore, a tripartite evolutionary game model comprising ICT product suppliers, demand customers (such as system integrators, operation and maintenance suppliers and service providers) and government regulatory authorities was constructed from the perspective of security threats and government regulation in the supply chain of ICT products based on bound rationality. The effects of each element on the tripartite strategy selection were evaluated by determining the evolutionary stability of upstream and downstream supply chains. The evolution path was simulated using Matlab2016a software and external variables were included for simulation analysis. The results showed that: (1) the costs of design development and production of high-quality ICT products directly affect the strategy choice of the producers, and determine the stable strategy time of the demanding customers, implying that excessive R&D costs negatively affect healthy development of the supply chain; (2) increase in incentives by the government within a reasonable range promotes the development of products with high security performance and ensures standardization of the implementation standards of information security acceptance of products by customers. However, the increase in incentives leads to a decrease in government supervision; (3) the initial probability of selection of product manufacturers plays an important role in the convergence rate of demand customers. The participating enterprises and government's operational decision were explored using the tripartite evolutionary game of the ICT product supply chain to formulate recommendations to enhance the construction of information security.

management,social sciences, interdisciplinary

Bei Yuan

DOI: https://doi.org/10.3934/math.2024277

2024-01-01

AIMS Mathematics

Abstract:As a knowledge-intensive financial enterprise, intellectual capital can play a significant driving role in enhancing the value of financial enterprises. Especially in the current unstable and complex international financial market, it is necessary for financial enterprises to actively consider the advantages of intellectual capital to shape their competitive edge and maximize profit value. However, it is also important to consider the issue of asymmetric information within the financial system, particularly the attitudes and behaviors in the strategic interactions between governments and financial enterprises. Therefore, this paper took the strict logical structure and analytical method of game theory as an effective analytical tool to solve the problem of asymmetric information in the economy and to use the asymmetric information game method to construct a mathematical model of intellectual capital in order to cope with the mistrust in the game process. Based on game theory, this paper systematically analyzed the factors influencing intellectual capital and constructed mathematical models of game theory for adverse selection ex-ante and moral hazard ex-post, analyzing strategic behavior. The research results indicated that, from the perspectives of market reactions and financing constraints, there is an issue of information asymmetry between the government and financial enterprises. The paper also presents viable strategic recommendations for alleviating information asymmetry and achieving coordinated allocation of information resources between government and enterprises.

mathematics, applied

Ning Xi,Chao Chen,Jun Zhang,Cong Sun,Shigang Liu,Pengbin Feng,Jianfeng Ma

DOI: https://doi.org/10.48550/arXiv.2106.04951

2021-06-09

Abstract:Mobile and IoT applications have greatly enriched our daily life by providing convenient and intelligent services. However, these smart applications have been a prime target of adversaries for stealing sensitive data. It poses a crucial threat to users' identity security, financial security, or even life security. Research communities and industries have proposed many Information Flow Control (IFC) techniques for data leakage detection and prevention, including secure modeling, type system, static analysis, dynamic analysis, \textit{etc}. According to the application's development life cycle, although most attacks are conducted during the application's execution phase, data leakage vulnerabilities have been introduced since the design phase. With a focus on lifecycle protection, this survey reviews the recent representative works adopted in different phases. We propose an information flow based defensive chain, which provides a new framework to systematically understand various IFC techniques for data leakage detection and prevention in Mobile and IoT applications. In line with the phases of the application life cycle, each reviewed work is comprehensively studied in terms of technique, performance, and limitation. Research challenges and future directions are also pointed out by consideration of the integrity of the defensive chain.

Cryptography and Security

Xiaotong Li

DOI: https://doi.org/10.1080/09537325.2020.1841158

2020-11-18

Technology Analysis and Strategic Management

Abstract:<span>With the development of information technology and the deepening of enterprise informatization, there are new challenges of enterprise information security investment decisions because of cooperative relationships among multi-enterprises. In this paper, the Gordon-Loeb model is extended to the multi-enterprise game environment, and combined with the probability of hacker invasion, which can stimulate enterprises to increase investment in information security and reduce costs, the game model of information security investment among complementary enterprises is constructed. Through this model, the impact of factors on optimal investment can be analyzed. It is found that the information security level of enterprises in cooperation situation is higher than that in the non-cooperation situation. Our research shows that the optimal investment will increase with the increase of the probability of one spread in cooperative situations, which is contrary to the changing trend of enterprises in non-cooperation situations, and there is a minimum expected cost threshold. According to the results, enterprise compensation mechanism and information sharing mechanism are designed to ensure the optimal level of social information security, it provides a new solution to deal with the information security investment decision of complementary enterprises under the characteristics of multi-enterprise and non-cooperative.</span>

management

Yu Y. Wei,Tienan Wang

DOI: https://doi.org/10.1109/ICMSE.2009.5318153

2009-01-01

Abstract:With the growing informationization investment, people increasingly care about the relationship between informationization and the enterprise competitive advantage day by day. As one of the enterprise competitive advantage sources, informationaization does not only influence the enterprise's competitive advantage directly, but influence it indirectly through variables, such as learning capability, enterprise culture. Through the previous research results, and the field research, based on the knowledge of information management and organizational behavior, this paper has selected the observation variable, has introduced the intermediary variable, and has constructed the theoretical model which reflects the informationization influences enterprise competitive advantage, to attempt to research the mechanism and the pattern of informationization influencing the enterprise competitive advantage thoroughly, and to provide certain reference and help for the fundamental research and the modem enterprises' practice.

Yong Wu,Mengyao Xu,Dong Cheng,Tao Dai

DOI: https://doi.org/10.1287/deca.2021.0442

2022-03-23

Decision Analysis

Abstract:Information resources have been shared to promote the business operations of firms. However, the connection of business information sharing interfaces between firms has increased the attack surface and created opportunities for the hacker. We examine the benefits and risks of business information sharing for firms who exert security efforts against a strategic hacker that launches attacks subjectively. We show that two kinds of security efforts, security investment and security knowledge sharing, act as strategic substitutes when the business-sharing degree is low and act as strategic complements otherwise. Besides, the strategic hacker is not always aggressive, who will give up launching attack activities when the business-sharing degree is relatively low. Moreover, as a specific characteristic in the security domain, the risk interdependency first enhances and then suppresses both firms’ security investments and the hacker’s attack effort, which causes a free-riding problem for two firms. Then, two coordination mechanisms, an investment-based mechanism and liability-based mechanism, are proposed to help firms coordinate their strategies to reach socially optimal security levels. Last, we extend the main model to three cases to make our model more general. This paper provides the first evidence to assess the security risks exacerbated by business information sharing while considering a strategic hacker. Some management insights to managers for making security decisions are provided.

management

Qianqian Pan,Jun Wu,Xi Lin,Jianhua Li

DOI: https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData-Cybermatics53846.2021.00050

2021-01-01

Abstract:The intelligent cyber-physical system (CPS) has been applied in various fields, covering multiple critical infras-tructures and human daily life support areas. CPS Security is a major concern and of critical importance, especially the security of the intelligent control component. Side-channel analysis (SCA) is the common threat exploiting the weaknesses in system operation to extract information of the intelligent CPS. However, existing literature lacks the systematic theo-retical analysis of the side-channel attacks on the intelligent CPS, without the ability to quantify and measure the leaked information. To address these issues, we propose the SCA-based model extraction attack on intelligent CPS. First, we design an efficient and novel SCA-based model extraction framework, including the threat model, hierarchical attack process, and the multiple micro-space parallel search enabled weight extraction algorithm. Secondly, an information theory-empowered analy-sis model for side-channel attacks on intelligent CPS is built. We propose a mutual information-based quantification method and derive the capacity of side-channel attacks on intelligent CPS, formulating the amount of information leakage through side channels. Thirdly, we develop the theoretical bounds of the leaked information over multiple attack queries based on the data processing inequality and properties of entropy. These convergence bounds provide theoretical means to estimate the amount of information leaked. Finally, experimental evaluation, including real-world experiments, demonstrates the effective-ness of the proposed SCA-based model extraction algorithm and the information theory-based analysis method in intelligent CPS.

ZUO Chuan,WANG Yan-fei

DOI: https://doi.org/10.3969/j.issn.1005-6033.2013.06.040

2013-01-01

Abstract:This paper analyzes the principle of anti-competitive intelligence methods for mainly controlling the accidental leakage of information and authorized distribution of information to achieve the purpose of anti-competitive intelligence, and introduces briefly some conventional anti-competitive intelligence methods from three aspects of management means, technical means and legal means.

Bo SHAO

DOI: https://doi.org/10.3969/j.issn.1007-7634.2006.03.009

2006-01-01

Abstract:The analysis and research on patent information is very important in enterprise competitive intelligence and counterintelligence, which can provide the company with technology strategy, competitor review, as well as countermeasures in counterintelligence process. This paper fully describes the technology and method of patent analysis from Competitive Intelligence and Counterintelligence, and puts forward some views about patent analyzing.