Strategic Aspects of Cyber Risk Information Sharing

Laube S, Böhme R

Research article (journal) | Peer reviewed

Abstract

Cyber risk management largely reduces to a race for information between defenders of ICT systems and attackers. Defenders can gain advantage in this race by sharing cyber risk information with each other. Yet, they often exchange less information than is socially desirable, because sharing decisions are guided by selfish rather than altruistic reasons. A growing line of research studies these strategic aspects that drive defenders’ sharing decisions. The present survey systematizes these works in a novel framework. It provides a consolidated understanding of defenders’ strategies to privately or publicly share information and enables us to distill trends in the literature and identify future research directions. We reveal that many theoretical works assume cyber risk information sharing to be beneficial, while empirical validations are often missing.

Details about the publication

JournalACM Computing Surveys
Volume50
Issue5
StatusPublished
Release year2017
Language in which the publication is writtenEnglish
DOI10.1145/3124398
Link to the full texthttps://dl.acm.org/citation.cfm?id=3124398
KeywordsSecurity information sharing; cyber risk management

Authors from the University of Münster

Böhme, Rainer
IT Security Research Group (SECURITY)
Laube, Stefan
IT Security Research Group (SECURITY)