Abstract
Based on the discussion of related concepts and technical theories, the information security resource allocation influencing factors index system is constructed from four aspects: resources, threat sources, vulnerabilities and security measures. With the further analysis of information security factors and their affecting mechanisms, the basic theoretical framework of information security resource allocation is established based on the evolutionary game. Under this framework, the subject relationship in various situations is analyzed. This research work can conduct a reasonable allocation of resources related to information security.
You have full access to this open access chapter, Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
The concept of smart cities, originating from the field of media, refers to using a variety of new technologies or innovative concepts to effectively connect and integrate various systems and services through reasonable resource allocation in cities, so as to optimize urban management and improve life quality of residents [1,2,3]. Smart cities fully apply all kinds of new technologies (such as Internet of things (IoT), cloud computing, virtual reality, etc.) into all walks of life in cities [4,5,6]. By establishing the interconnection in broadband ubiquitous networks, integrating application of intelligent technologies and sharing resources widely, smart cities obtain comprehensive and thorough perception abilities to realize fine and dynamic management of cities and effective improvement of life of residents [7,8,9,10].
Smart cities have been valued by countries all over the world since they came into being, which provide more convenience for people’s life while improving the intelligent level of cities [11,12,13]. However, smart cities are highly dependent on new technologies including cloud computing and IoT [14,15,16], which brings a hidden danger of spreading the information risk while applying technologies and poses multi-facetted impacts on information security in cities [17,18,19,20]. How to reasonably allocate the current resources in cities to avoid the information security risk as far as possible and obtain the maximum benefits has become a practical problem that smart cities have to be faced in their healthy development [21,22,23,24,25].
2 Influencing Factors Index System
Comprehensive analysis on factors influencing resource allocation to information security and establishment of the corresponding index system are the bases for reducing the information security risk in smart cities in the context of big data. From the perspective of information security, the first-level indexes in the index system can be summarized into four aspects, namely resources, threat sources, vulnerability and safety measures by combining with the current situations of smart cities..
2.1 Information Resources
There are many kinds of information resources, but it is evident that the higher the value of resources, the greater the risk may be faced in the actual situations. In accordance with relevant definitions of smart cities and information resources, the influencing factors of resources are sub-classified into three second-level indexes: management personnel, infrastructure and economic investment, that is, manpower, material resources and financial resources. By further analysing the information security risk based on these indexes, the third-level indexes are obtained and the results are shown in Fig. 1.
2.2 Threat Sources
Threat is an objective factor that probably causes the potential risk for information security in smart cities. The influencing factors of a threat source are sub-classified into two second-level indexes, namely technological and management threats. By further analysing the information security risk based on the indexes, the third-level indexes are obtained and the results are illustrated in Fig. 2.
Index system of factors influencing information security in smart cities based on resource value
Factors influencing information security in smart cities in the confirmation of the threat sources
2.3 Vulnerability
Vulnerability is considered mainly because in the context of big data, the defects of the information system in smart cities are threatened and taken advantages of, which renders the system possibly under risk of attack. The influencing factors of vulnerability are sub-classified into two second-level indexes: vulnerability in technology and management. The third-level indexes are obtained by analysing the information security risk based on the above factors, and the results are demonstrated in Fig. 3.
Factors influencing information security in smart cities in the identification of vulnerability
2.4 Safety Measures
Safety measures are a barrier to protect information security in smart cities, which can effectively reduce risks of security accidents and vulnerabilities, and provide technical supports and management mechanisms for some re-sources. The influencing factors of safety measures are sub-classified into two second-level indexes: preventive measures and protective measures, on which basis the information security risk is further analyzed to obtain the three-level indexes. The results are shown in Fig. 4.
Factors influencing information security in smart cities based on safety measures
3 Resource Allocation Framework to Information Security
With the constant development and progress in new technologies, such as artificial intelligence, big data, IoT, cloud computing and virtual reality, the development and construction of smart cities has been realized, but there are also great threats and challenges in information security. To effectively respond to these threats and challenges, by fully understanding the factors influencing resource allocation to information security, this study established a reasonable and effective theoretical framework of resource allocation to information security based on the current popular evolutionary game theory. The framework can play its due role in the protection of information security. By analysing the index system of influencing factors in the above section, it can be seen that these common links including software and hardware, data, network, application, external environment and management are involved in all influencing factors in smart cities. In a city, how to plan the limited resources and avoid the restrictions of the above factors, so as to play the maximum efficiency of all resources and well protect the information security is one of the problems that need to be considered. For a city that has communication with the outside world, all internal resources therein are regarded as a whole, in which some external resources can complement, be replaced, and weakly correlated with internal resources. How to allocate the resources reasonably to improve the safeguard effects on information security is also an issue to be considered. In conclusion, the resource allocation to information security in a smart city is to analyse how to allocate internal and external resources of the city. According to the evolutionary game theory, the theoretical framework of resource allocation to information security was obtained, as displayed in Fig. 5.
Theoretical framework of resource allocation to information security
4 Conclusions
On the basis of discussing relevant concepts and technical theories, the research established the index system of factors influencing resource allocation to information security from aspects including resources, threat sources, vulnerability, and safety measures. The factors and mechanisms that influence information security were analysed and the basic theoretical framework of resource allocation to information security was built based on evolutionary game. The resource allocation to information security is divided into internal and external resource allocation in cities, and the latter can be sub-divided into complementary, alternative, and weakly correlated external resource allocation. Moreover, subject relationships under various circumstances were analysed under the framework.
References
Knapp, K.J., Marshall, T.E.: Information security policy: an organizational-level process model. Comput. Secur. 28(7), 493–508 (2009)
Anjaria, K., Mishra, A.: Relating Wiener’s cybernetics aspects and a situation awareness model implementation for information security risk management. Kybernetes 47(1), 69–81 (2017)
Webb, J., Ahmad, A., Maynard, S.B., et al.: A situation awareness model for information security risk management. Comput. Secur. 44, 1–15 (2014)
Ahmad, A., Maynard, S.B., Park, S.: Information security strategies: towards an organizational multi-strategy per-spective. J. Intell. Manuf. 25(2), 357–370 (2014)
Bojanc, R.: An economic modeling approach to information security risk management. Int. J. Inf. Manage. 28(5), 413–422 (2008)
Nazareth, D.L., Choi, J.: A system dynamics model for information security management. Inf. Manage. 52(1), 123–134 (2015)
Houmb, S.H., Franqueira, V.N.L., Engum, E.A.: Quantifying security risk level from CVSS estimates of frequency and impact. J. Syst. Softw. 83(9), 1622–1634 (2010)
Feng, N., Li, M.: An information systems security risk assessment model under uncertain environment. Appl. Soft Comput. J. 11(7), 4332–4340 (2011)
Kong, H.K., Kim, T.S., Kim, J.: An analysis on effects of information security investments: a BSC perspective. J. Intell. Manuf. 23(4), 941–953 (2012)
Li, S., Bi, F., Chen, W., et al.: An improved information security risk assessments method for cyber-physical-social computing and networking. IEEE Access 6(99), 10311–10319 (2018)
Basallo, Y.A., Senti, V.E., Sanchez, N.M.: Artificial intelligence techniques for information security risk assessment. IEEE Lat. Am. Trans. 16(3), 897–901 (2018)
Grunske, L., Joyce, D.: Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles. J. Syst. Softw. 81(8), 1327–1345 (2008)
Gusm, O.A., Silval, C.E., Silva, M.M., et al.: Information security risk analysis model using fuzzy decision theory. Int. J. Inf. Manage. 36(1), 25–34 (2016)
Baskerville, R.: Integration of information systems and cybersecurity countermeasures: an exposure to risk perspective. Data Base Adv. Inf. Syst. 49(1), 69–87 (2017)
Huang, C.D., Hu, Q., Behara, R.S.: An economic analysis of the optimal information security investment in the case of a risk-averse firm. Int. J. Prod. Econ. 114(2), 793–804 (2008)
Yong, J.L., Kauffman, R.J., Sougstad, R.: Profit-maximizing firm investments in customer information security. Dec. Supp. Syst. 51(4), 904–920 (2011)
Li, J., Li, M., Wu, D., et al.: An integrated risk measurement and optimization model for trustworthy software pro-cess management. Inf. Sci. 191(9), 47–60 (2012)
Benaroch, M.: Real options models for proactive uncertainty-reducing mitigations and applications in cyber-security investment decision-making. Soc. Sci. Electron. Pub. 4, 11–30 (2017)
Gao, X., Zhong, W., Mei, S.: Security investment and information sharing under an alternative security breach probability function. Inf. Syst. Front. 17(2), 423–438 (2015)
Liu, D., Ji, Y., Mookerjee, V.: Knowledge sharing and investment decisions in information security. Dec. Supp. Syst. 52(1), 95–107 (2012)
Gao, X., Zhong, W., Mei, S.: A game-theoretic analysis of information sharing and security investment for complementary firms. J. Oper. Res. Soc. 65(11), 1682–1691 (2014)
Gao, X., Zhong, W.: A differential game approach to security investment and information sharing in a competitive environment. IIE Trans. 48(6), 511–526 (2016)
Wu, Y., Feng, G.Z., Wang, N.M., et al.: Game of information security investment: Impact of attack types and net-work vulnerability. Expert Syst. Appl. 42(15–16), 6132–6146 (2015)
Wang, Q., Zhu, J.: Optimal information security investment analyses with the consideration of the benefits of investment and using evolutionary game theory. In: Proceedings of the International Conference on Information Management, pp. 957–961 (2016)
Qian, X., Liu, X., Pei, J., et al.: A game-theoretic analysis of information security investment for multiple firms in a network. J. Oper. Res. Soc. 68(10), 1–16 (2017)
Acknowledgments
This research work is supported by the National Social Science Fund of China (18BTQ055), the Youth Fund of Hunan Natural Science Foundation (2020JJ5149, 2020JJ5150) and the Innovation Team of Guangdong Provincial Department of Education (2018KCXTD031). It is also supported by the Program of Guangdong Innovative Research Team (2020KCXTD040), the Pengcheng Scholar Funded Scheme, and the Basic Research Project of Science and Technology Plan of Shenzhen (SZIITWDZC2021A02, JCYJ20200109141218676).
Author information
Authors and Affiliations
Contributions
The authors declare that they have no conflict of interest.
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2022 The Author(s)
About this paper
Cite this paper
Li, J., Cheng, D., Xing, L., Tan, X. (2022). Information Security Resource Allocation Using Evolutionary Game. In: Qian, Z., Jabbar, M., Li, X. (eds) Proceeding of 2021 International Conference on Wireless Communications, Networking and Applications. WCNA 2021. Lecture Notes in Electrical Engineering. Springer, Singapore. https://doi.org/10.1007/978-981-19-2456-9_43
Download citation
DOI: https://doi.org/10.1007/978-981-19-2456-9_43
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-2455-2
Online ISBN: 978-981-19-2456-9
eBook Packages: EngineeringEngineering (R0)