data security in the digital age
play

Data Security in the Digital Age Reputation and Strategic - PowerPoint PPT Presentation

Nov 26, 2022 •638 likes •1.03k views

Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Data Security in the Digital Age Reputation and Strategic Interactions in Security Investment Ying Lei Toh Toulouse School of Economics March 31, 2016

  1. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Data Security in the Digital Age Reputation and Strategic Interactions in Security Investment Ying Lei Toh Toulouse School of Economics March 31, 2016

  2. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Motivation Data security: A quick look... 1 • 1,540 data breaches in 2014 • Over 1 billion records compromised • 55% of breaches occurred due to malicious attacks • Prominent breaches: Target, Home Depot, Ebay, Sony, Ashley Madison . . . 1Source: http://www.creditcards.com/credit-card-news/credit-card-security-id-theft-fraud-statistics-1276.php

  3. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Motivation • Data breaches can lead to adverse consequences for consumers • Rampant data breaches may be indicative that firms underinvest in security • More firms going digital + growing sophiscation of cybercriminals → more data breaches • What can be done to incentivise firms to invest more?

  4. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Overview & Main Results Model Overview • Players - Baseline: Website and unit mass of consumers (het. valuation) - Extended: Website, representative consumer and bank • Two periods • Unobserved (one-time) security investment by website at the start • Consumer learning via imperfect breach detection → customer turnover (reputation cost)

  5. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Overview & Main Results Main Results • Underinvestment in data security from perspective of consumer protection • Mandatory breach notification ◮ May not always lead to a higher level of investment/overall level of security ◮ May result in full crowding out of website’s investment ◮ Effect on consumer surplus may be ambiguous

  6. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Baseline Model • Website and unit mass of consumer with het. valuation, v • Two states of security: good ( ρ = 0) and bad ( ρ = ρ B > 0) Product valued at v ∼ U [0 , 1] Website Consumer Cust. info & rev., r Cust. info, prob ρ Attacks Losses, l Hackers

  7. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Timing • t=0: Website invests c ( q ) in security - t=1: Consumers decide whether to use website, breach may occur and may be detected - t=2: Consumers decide whether to use website

  8. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Timing • t=0: Website invests c ( q ) in security • t=1: Consumers decide whether to use website, breach may occur and may be detected. Users update their beliefs. - t=2: Consumers decide whether to use website...

  9. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Timing • t=0: Website invests c ( q ) in security. • t=1: Consumers decide whether to use website, breach may occur and may be detected. Users update their beliefs. • t=2: Consumers decide whether to use website...

  10. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Strategies Consumers: • Decide whether to use the website given beliefs: E ( U ) = v − E ( ρ ) l vs. 0 ◮ t=1: Use if v ≥ ˆ v – t=2: Use if v ≥ ˆ v ND when no breach detected and v ≥ ˆ v D when breach detected (ˆ v ND > ˆ v > ˆ v D )

  11. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Strategies Consumers: • Decide whether to use the website given beliefs: E ( U ) = v − E ( ρ ) l vs. 0 ◮ t=1: Use if v ≥ ˆ v ◮ t=2: Use if v ≥ ˆ v ND when no breach detected and v ≥ ˆ v D when breach detected (ˆ v ND > ˆ v > ˆ v D )

  12. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Strategies Consumers: • Decide whether to use the website given beliefs: E ( U ) = v − E ( ρ ) l vs. 0 ◮ t=1: Use if v ≥ ˆ v ◮ t=2: Use if v ≥ ˆ v ND when no breach detected and v ≥ ˆ v D when breach detected (ˆ v ND > ˆ v > ˆ v D )

  13. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Strategies Website: • Set level of security, q f , to max profit: Website’s Problem π ( q f , λ, ρ B max , ˆ v , ˆ ) v D , r q f � �� � � �� � prob. of size of turnover turnover

  14. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Strategies Website: • Set level of security, q f , to max profit: Website’s Problem π ( q f , λ, ρ B max , ˆ v , ˆ ) v D , r q f � �� � � �� � prob. of size of turnover turnover • c ′ ( q ∗ ) = Marg. reduction in loss from cust. turnover ( MB ( q ∗ ))

  15. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Strategies Website: • Set level of security, q f , to max profit: Website’s Problem π ( q f , λ, ρ B max , ˆ v , ˆ ) v D , r q f � �� � � �� � prob. of size of turnover turnover • c ′ ( q ∗ ) = Marg. reduction in loss from cust. turnover ( MB ( q ∗ ))

  16. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Equilibrium • Stable Bayes-Nash equilibrium where website invests q ∗ + in security • Too little investment from consumer protection perspective

  17. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Mandatory Breach Notification • Website to inform customers of breaches in a timely fashion • Increases prob. of breach detection ( λ ) to 1 • More investment in equilibrium if consumers are passive

  18. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Mandatory Breach Notification • Website to inform customers of breaches in a timely fashion • Increases prob. of breach detection ( λ ) to 1 • More investment in equilibrium if consumers are passive Intuition: Stronger learning/reputation effect ◮ Direct: Breach detected with higher prob → more likely to lose customers ◮ Indirect: Higher participation when no breach detected (ˆ v is smaller) → more to lose

  19. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Mandatory Breach Notification Consumer self-protection • Upon detecting breach, consumers may take action to mitigate fraction α of potential losses → U = v − ρ (1 − λα ) l • λα : measure of consumers’ ability to self-protect

  20. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Mandatory Breach Notification Consumer self-protection • Upon detecting breach, consumers may take action to mitigate fraction α of potential losses → U = v − ρ (1 − λα ) l • λα : measure of consumers’ ability to self-protect Proposition Equilibrium level of investment, q ∗ + • increases for small α ; • increases for intermediate α , provided that r is large ; • decreases otherwise. Consumers are better off whenever q ∗ + is higher (ambiguous otherwise). Full Proposition

  21. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Mandatory Breach Notification Intuition: • Learning/reputation effect (+): ◮ Same as with passive consumers ◮ Higher reputation cost when r is larger

  22. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Mandatory Breach Notification Intuition: • Learning/reputation effect (+): ◮ Same as with passive consumers ◮ Higher reputation cost when r is larger • Crowding out effect (–): ◮ Larger λ → larger λα → stronger ability to self-protect • Crowding out effect dominates when α is large

  23. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Extended Model New player: Bank • Affects overall security level via its investment, γ (0bserved) Provides partial insurance to consumer, β l Product valued at v Website Consumer Cust. info & rev., r Cust. info, prob (1 − q ) ρ B Attacks Losses, l prob (1 − q ) ρ B (1 − γ ) Fraud attempts Hackers Bank prob (1 − γ )

  24. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Extended Model New player: Bank • Affects overall security level via its investment, γ (0bserved) • Provides partial insurance to consumer, β l Product valued at v Website Consumer Cust. info & rev., r Cust. info, prob (1 − q ) ρ B Attacks Losses, l Bank’s liability, prob (1 − q ) ρ B (1 − γ ) β l Fraud attempts Hackers Bank prob (1 − γ )

  25. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Extended Model

  26. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Extended Model

  27. Introduction Baseline Model Main Results Extended Model Lit. Review Conclusion Appendix Extended Model Extended vs. Baseline: • Pr(Loss | Breach) = 1 − γ < 1 • Consumer learns of “bad” state with prob. λρ B (1 − γ ) < λρ B

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at

Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at

Mariana Raykova Data Security: Encryption and Digital Signatures Beyond security of data at rest and communication channels Security of Computation on Sensitive Inputs Secure multiparty computation (MPC) Differential privacy methods

595 views • 43 slides
How Big Data Is Driving Companies Data Security Data Science Digital Predictive Automation

How Big Data Is Driving Companies Data Security Data Science Digital Predictive Automation

How Big Data Is Driving Companies Data Security Data Science Digital Predictive Automation Analytics Top 10 Business Intelligence DevOps Trinity Chief Analytics Officer Buzzwords for 2019 ContinuousNext Digital Citizen Chatbots

223 views • 19 slides
Mariana Raykova Yale, Google Data Security: Encryption and Digital Signatures Beyond security

Mariana Raykova Yale, Google Data Security: Encryption and Digital Signatures Beyond security

Mariana Raykova Yale, Google Data Security: Encryption and Digital Signatures Beyond security of data at rest and communication channels Security of Computation on Sensitive Inputs Secure multiparty computation (MPC) Differential

848 views • 26 slides
Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

410 views • 19 slides
Digital Security Training A digital training brought to you by RSAT Security in partnership with

Digital Security Training A digital training brought to you by RSAT Security in partnership with

Digital Security Training A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Topics Covered Week 5 Week 1 Social Media Introduction to Information Security Week 6 Week 2 Responsible

190 views • 18 slides
Intelligent solutions for digital transformation We help companies unlock the value of their data

Intelligent solutions for digital transformation We help companies unlock the value of their data

Intelligent solutions for digital transformation We help companies unlock the value of their data DATA PROCESSING DATA ANALYSIS AUTOMATION Contents 1 About Aligned Research Group (ARG) 2 Analytics 3 Artificial Intelligence 4 DevOps 5 Security

559 views • 33 slides
Data Science and Security in Digital Governance Aspects and an Elastic Bus Transportation Scheme

Data Science and Security in Digital Governance Aspects and an Elastic Bus Transportation Scheme

Data Science and Security in Digital Governance Aspects and an Elastic Bus Transportation Scheme Movses Musaelian 1 , Md Zakirul Alam Bhuiyan 1* , Gary Weiss 1 , Tian Wang 2* , Guojun Wang 3* , Thaier Hayajneh 1 1 Department of Computer and

175 views • 16 slides
HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data

HPE SecureData for Big Data Platform HPE Vertica Big Data Platform HPE Security Data Security February 2016 Data Security Impacts Design and Delivery of Big Data Projects Data Security frequently is a leading Role Security Impacts

545 views • 23 slides
Digital Leave No One Behind Platform Virtual session on Digital Security civic --- 24th of

Digital Leave No One Behind Platform Virtual session on Digital Security civic --- 24th of

Gigi Pasco Ong-Alok - COC Nederland Digital Leave No One Behind Platform Virtual session on Digital Security civic --- 24th of March Space Why talk about digital civic space and digital rights? and Case Study: Digital space in the

418 views • 9 slides
Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication

Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication

Security Protocols Part 9 SSL Protocol Recap Digital Certificate Authentication Integrity Non-repudiation CA (Certification Authority) Issue digital certificates (via digital signature) Publish/Distribute digital

491 views • 13 slides
DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security

DIGITAL PLANETS SECURITY SOLUTION INTRODUCTION OUR OFFERED SERVICES Vulnerability Security Information Assessment Brand Operation Consultancy &amp; Security Protection Penetration Awareness Centre Testing External Networks

474 views • 44 slides
Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS

Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS

Compliance Cautions INVESTIGATING SECURITY ISSUES ASSOCIATED WITH U.S. DIGITAL-SECURITY STANDARDS ROCK CK S STEVENS, KEVIN HALLIDAY, MICHELLE MAZUREK // UNIV IVERSIT ITY O OF M MARYLAND JOSIAH DYKSTRA, JAMES CHAPMAN, ALEX FARMER //

290 views • 27 slides
Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards

Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards

LASER Workshop 2020 Compliance Cautions Investigating Security Issues Associated with U.S. Digital-Security Standards Rock Stevens , Kevin Halliday, Michelle Mazurek / / University of Maryland Josiah Dykstra, James Chapman, Alexander F armer

345 views • 22 slides
2. Digital Data CHAPTER HIGHLIGHTS Elements of digital media. Digital codes. Di it l d

2. Digital Data CHAPTER HIGHLIGHTS Elements of digital media. Digital codes. Di it l d

CHAPTER 2. Digital Data CHAPTER HIGHLIGHTS Elements of digital media. Digital codes. Di it l d Digital files. Digitization process. Compression for digital media. Advantages of digital media. Challenges of digital

258 views • 14 slides
1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

1 Arbitrated Digital Signatures Digital Signature Standard (DSS) US Govt approved signature

CPE 542: CRYPTOGRAPHY &amp; NETWORK SECURITY Digital Signatures have looked at message authentication but does not address issues of lack of trust Chapter 13 Digital Signatures digital signatures provide the ability to:

361 views • 3 slides
Masterclass: Security in data, cloud and blockchain Professor Trish Williams Cisco Chair and

Masterclass: Security in data, cloud and blockchain Professor Trish Williams Cisco Chair and

Masterclass: Security in data, cloud and blockchain Professor Trish Williams Cisco Chair and Professor of Digital Health Systems Co-Director of Flinders Digital Health Research Centre College of Science and Engineering Flinders University,

839 views • 55 slides
e-FISCAL HPC/HTC vs. Cloud Benchmarking An empirical evalua.on

e-FISCAL HPC/HTC vs. Cloud Benchmarking An empirical evalua.on

e-FISCAL HPC/HTC vs. Cloud Benchmarking An empirical evalua.on of the performance and cost implica.ons Kashif Iqbal - PhD Kashif.iqbal@ichec.ie ICHEC, NUI Galway, Ireland

697 views • 26 slides
Welcome! Todays Agenda: The Postprocessing Pipeline Vignetting, Chromatic Aberration

Welcome! Todays Agenda: The Postprocessing Pipeline Vignetting, Chromatic Aberration

INFOGR Computer Graphics J. Bikker - April-July 2016 - Lecture 12: Post - processing Welcome! Todays Agenda: The Postprocessing Pipeline Vignetting, Chromatic Aberration Film Grain HDR effects Color Grading

1.63k views • 77 slides
Re Repr presentational Di Dimen ensions Com omputer Science c cpsc sc322, Lecture 2 2 (Te

Re Repr presentational Di Dimen ensions Com omputer Science c cpsc sc322, Lecture 2 2 (Te

Re Repr presentational Di Dimen ensions Com omputer Science c cpsc sc322, Lecture 2 2 (Te Text xtboo ook k Chpt1) Ma May, y, 1 16, 2 2017 CPSC 322, Lecture 2 Slide 1 Lectu ture re Ov Overv rvie iew Recap ap fr from l

318 views • 28 slides
Cybersecurity Considerations for Telework Security for Enterprises Enterprise Planning Plan

Cybersecurity Considerations for Telework Security for Enterprises Enterprise Planning Plan

Cybersecurity Considerations for Telework Security for Enterprises Enterprise Planning Plan telework-related security policies and controls based on a zero-trust model. Encrypt client devices storage, encrypt all sensitive data stored on

371 views • 9 slides
Large-Scale Data Engineering noSQL: BASE vs ACID event.cwi.nl/lsde THE NEED FOR SOMETHING

Large-Scale Data Engineering noSQL: BASE vs ACID event.cwi.nl/lsde THE NEED FOR SOMETHING

Large-Scale Data Engineering noSQL: BASE vs ACID event.cwi.nl/lsde THE NEED FOR SOMETHING DIFFERENT event.cwi.nl/lsde One problem, three ideas We want to keep track of mutable state in a scalable manner Assumptions: State organized

970 views • 59 slides
Knowledge Transfer and Partial Equity Ownership Arghya Ghosh and Hodaka Morita School of

Knowledge Transfer and Partial Equity Ownership Arghya Ghosh and Hodaka Morita School of

Introduction Model Analysis Product differentiation Conclusion Knowledge Transfer and Partial Equity Ownership Arghya Ghosh and Hodaka Morita School of Economics, UNSW Business School University of New South Wales 2nd ATE Symposium, UNSW,

532 views • 39 slides
CS510 Software Engineering Dynamic Program Analysis Asst. Prof. Mathias Payer Department of

CS510 Software Engineering Dynamic Program Analysis Asst. Prof. Mathias Payer Department of

CS510 Software Engineering Dynamic Program Analysis Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Scott A. Carr Slides inspired by Xiangyu Zhang http://nebelwelt.net/teaching/15-CS510-SE Spring 2015 Overview

718 views • 35 slides
CPSC 121: Models of Computation Instructor: Bob Woodham woodham@cs.ubc.ca Department of Computer

CPSC 121: Models of Computation Instructor: Bob Woodham woodham@cs.ubc.ca Department of Computer

CPSC 121: Models of Computation Instructor: Bob Woodham woodham@cs.ubc.ca Department of Computer Science University of British Columbia Lecture Notes 2009/2010, Section 203 CPSC 121: Models of Computation Menu January 18, 2010 Topics:

481 views • 7 slides

More recommend