Provisioning Network Security: Tradeoff between Information Access and Level of Security

It has been repeatedly pointed out that security problems in multi-agent systems are a manifestation of improper economic incentives provided for agents through mechanisms that are supposed to provide such incentives. This paper provides initial insight on how economics tools of utility theory and welfare economics may be used to analyze the behaviors of economic agents with respect to security choices. We consider a case where security can be produced in organization by using access to information systems as a production factor. There are important tradeoffs between access and security of information that leads to provisioning of additional amount of security being increasingly costly. We provide structural results that characterize these tradeoffs and demonstrate how different security preferences of agents may lead to suboptimal choice for the level of security. We further explore a game-theoretic formulation of the problem, modeling security provisioning in a two-player repeated game with side payments. Our results indicate importance of building long-term trust relationships in order to guarantee proper provisioning of security, as well as ability to find specific and payoff-independent values of payoff discounting factors that induce such trust-building and incentive-compatibility.