When Information Improves Information Security (CMU-CyLab-09-004)

We investigate a mixed economy of an individual rational expert and several naı̈ve near-sightedagents in the context of security decision making. Agents select between three canonical security ac-tions to navigate the complex security risks of weakest-link, best shot and total effort interdependencies.We further study the impact of two information conditions on agents’ choices. We provide a detailedoverview of a methodology to effectively determine and compare strategies and payoffs between thedifferent regimes. To analyze the impact of the different information conditions we propose a newformalization. We define the price of uncertainty as the ratio of the expected payoff in the completeinformation environment over the payoff in the incomplete information environment. ∗This work is supported in part by the National Science Foundation under ITR award ANI-0331659 (100x100), and the ArmyResearch Office through contract number DAAD19-02-1-0389. Jens Grossklags’ work is also funded through a University ofCalifornia MICRO project grant in collaboration with DoCoMo USA Labs.