Information Security Investment Strategies in Supply Chain Firms: Interplay between Breach Propagation, Shared information Assets and Chain Topology

摘要

Firms in a supply chain share information assets among them, and make use of inter-firm network connections to enable quick information sharing. Both of these approaches have significant implications when a security breach occurs. One, the interconnections may become conduits for security breach propagation. Two, shared information assets now become vulnerable at the owner as well as at the partner firms’ sites. Therefore, an effective security investment strategy in a supply chain must take into account vulnerability issues arising out of propagation of security breaches and sharing of information assets. Investments in perimeter security technologies reduce direct vulnerability of information assets, but are ineffective in countering indirect breaches, which originate from partnering firms. Our research investigates interdependent security investment strategies of supply chain firms in a game-theoretic framework, and analyze non-cooperative and centrally administered investment equilibria. We also provide comparative static of these investments under specific value chain topologies.