Economics of Information Security Investment in the Case of Simultaneous Attacks
Iowa State University
From the SelectedWorks of Qing Hu
June, 2006
Economics of Information Security Investment in the Case of Simultaneous Attacks
C. Derrick Huang, Florida Atlantic University
Qing Hu, Florida Atlantic University
Ravi S. Behara, Florida Atlantic University
Available at:
C. Derrick Huang
Department of Information Technology & Operations Management, College of Business, Florida Atlantic University, Boca Raton, FL 33431
dhuang@fau.edu

Qing Hu
Department of Information Technology & Operations Management, College of Business, Florida Atlantic University, Boca Raton, FL 33431
qhu@fau.edu

Ravi S. Behara
Department of Information Technology & Operations Management, College of Business, Florida Atlantic University, Boca Raton, FL 33431
rbehara@fau.edu

Manuscript to be presented at The Fifth Workshop on the Economics of Information Security (WEIS 2006)
ABSTRACT

With billions of dollars being spent on information security related products and services each year, the economics of information security investment has become an important area of research, with significant implications for management practices. Drawing on recent studies that examine optimal security investment levels under various attack scenarios, we propose an economic model that considers simultaneous attacks from multiple external agents with distinct characteristics, and derive optimal investments based on the principle of benefit maximization. The relationships among the major variables, such as systems vulnerability, security breach probability, potential loss of security breach, and security investment levels, are investigated via analytical and numerical analyses subject to various boundary conditions. In particular, our model shows how a firm should allocate its limited security budget to defend against two types of security attacks (distributed and targeted) simultaneously. Among the results of these analyses, we find that a firm with a small security budget is better off allocating most or all of the investment to measures against one of the classes of attack. Further, when the potential loss from the targeted attacks and the system vulnerability are relatively large, the focal firm should allocate most of its budget to such attacks.

Keywords: Information Security, Security Investment, Economic Modeling, Optimal Investment

Huang, Hu, Behara (The Fifth Workshop on the Economics of Information Security)
1. Introduction

In the era of the commoditization of information technology (IT) and the globalization of world economy, it is argued that the most challenging aspect of managing today's networked organizations is not so much using IT to create competitive advantages in the marketplace but managing the potential risks created by IT (Carr, 2003). And among the risks, security breach to the highly connected corporate information systems is perhaps the most prominent and visible, as evidenced in the headlines of mass media in recent years. In a 2003 survey of the Global 500 companies, 39% of the respondents reported that their information systems had been compromised in some way in the prior year (Power, 2003). And the general (and seemingly natural) reaction to this growing risk has been increased spending on security technologies. While worldwide IT spending has remained flat or even slightly down in recent years after the burst of Internet bubble in 2000, spending on information security related products and services by organizations large and small has been growing at a rate of 7.6% per annum and is forecasted to reach $.6 billion in 2006 (AT&T, 2004).

However, it is commonly recognized that complete information security at the corporate level is virtually impossible without hindering the normal business activities in today's economy, where connectivity to external business partners and customers is essential. Given the unattainable state of complete security, in recent years, scholars and practitioners alike seek to address a different question about information security: How does a firm minimize security risks with limited resources for implementing security technologies and programs? This question has spawned two distinct yet complementary streams of research: The determination of return on security investments (ROSI) (Cavusoglu et al., 2004, 2005) and the search for optimal security investment levels under different security threat scenarios (Gordon and Loeb, 2002; Huang et al.,
2005a, 2005b). In this paper, we draw on the prior works in the latter stream and examine the optimal investment levels under a more realistic set of boundary conditions and assumptions. Specifically, we develop security investment optimization models that consider simultaneous attacks on the focal information system by two types of external threats: the distributed attack, such as computer viruses and spyware lurking for opportunities through random but massive campaigns, and the targeted attack, via which hackers attempt to break into specific systems to destroy, alter, or steal valuable data and information. In so doing, we hope to advance the knowledge of economics of information security and to provide insight into better information security management practices.

The rest of the paper is arranged as follows. In the next section, we review the recent development in the area of economics of information security and identify the gaps in the research literature. In section 3, we develop the core economic model of information security investment for managing the aforementioned two types of security breaches. This model is then used to yield optimal security investments without (in section 4) and with (in section 5) the constraint of security budget. Numerical analyses are also performed to provide insights into the behaviors of the model and the interactions of the variables under different scenarios. Finally, in section 6, we discuss the main findings of this study in the context of information security practices. Limitations of the current approach and future research directions for further advancing the research stream are also discussed.

2. Research Background

Research in the area of the economics of information security investment, where the traditional decision analysis in determining the optimal level of investments based on risk and
return, is still in its early stage. Adopting the assumption of risk neutrality, Gordon and Loeb (2002a) analyze the optimal level of security investments based on the principle of maximizing the net benefit of such investments. They find that the optimal investment in information security does not necessarily increase with vulnerability, implying that a firm should not always invest to protect the most vulnerable information systems. They also show that the optimal security investment would be far less than the potential loss (with a theoretical maximum of 36.8%) due to a security breach.

Huang et al. (2005a, 2005b) extend the above model by taking into account the risk profile of the decision maker of the firm in question and adopt the expected utility theory in optimizing the information security investment. When the decision maker is risk averse (a commonly accepted assumption for firms with good performance; Fiegenbaum and Thomas, 1988; Jegers, 1991), they find that the optimal information security investment is zero below a minimum potential loss; above that minimum, optimal investment does increase with potential loss. And, contrary to the risk-neutral case, a risk-averse decision maker may make security investment close to (but never exceeding) the potential loss in the case of distributed attacks. In addition, they find that a decision maker more averse to risk (i.e., with less appetite in accepting risk) does not necessarily invest more in information security.

In the case of firms with interconnected IT systems, Ogut, Menon, and Raghunathan (2005) find that such interdependency reduces the firms' information security investments to a level lower than optimum. In contrast, when these interconnected firms face liability in IT security (the breached firm has to pay others for collateral damages), they tend to over-invest above the optimal level. This is because each firm can only optimize its own utility, even though some of the risks are controlled by other interconnected firms. Consequently, the investment
decision reached under such constraint is almost always sub-optimal, unless all interconnected firms can plan and optimize their information security investment jointly.

So far, these economic studies have focused on optimizing the total investment in information security. But today's firms face different types of security challenges at the same time. The most common are the distributed attacks, such as virus, spyware, phishing, and spam email, that corporations face on the daily or even hourly basis. The probability of such distributed attacks overwhelms other types of security incidents (CSO 2005), but their consequences are generally limited. The targeted attacks, such as the purposeful penetration into the bank's systems to transfer large amount of money by hackers, constitute another class of security challenges. Such attacks may be less frequent than distributed attacks, but they tend to cause large damages to the targeted firms. For instance, per-respondent loss from theft of proprietary information is three times that from virus in the 2005 CSI/FBI survey (Gordon et al., 2005). Yet other classes of security incidents, such as insider attacks and property theft, exist. Firms may need to invest in different measures to defend against different classes of attacks, and economic analysis focusing on the optimal allocation of information security investment to each of the classes can be helpful to decision makers. In the following section, we present a model for such a purpose.

3. Model Construction

We consider a single-period, multi-event model for information system security of a firm (see Figure 1 for a conceptual description of the model). Threat agents, which can be external or internal to the firm, generate attacks on the information systems. Some of the attacks compromise the security of the information systems (with the breach probability ρ) cause
damages (of the potential loss L) to the firm. The security risk z the firm faces can therefore be written as (Kaas et al., 2001, Schechter 2004)

\[ z = \rho L. \tag{1} \]

The breach probability ρ is a function of the behavior of the attack agents, characterized by their attack probability ξ, and the security property of the information systems, which is in turn determined by the system vulnerability and security measures. For any given system, the higher the attack probability, the higher breach probability; that is, \(\partial\rho/\partial\xi \ge 0\). The system vulnerability, v, is intrinsic to the topology and connectivity of the firm's information systems: the more access and connected the systems, the more intrinsically vulnerable. In other words, v represents the probability (\(0 \le v \le 1\)) for a security breach without any additional security investment. The breach probability is an increasing function of v; that is, \(\partial\rho/\partial v \ge 0\). It is important to note that, in this definition, the system's configuration, access, and connectivity are dictated by the firm's business requirements, not technology choices. So, for instance, the firm in question may choose to allow its vendors to access certain areas of its information systems, a decision which may facilitate its business operations but would increase the vulnerability.

To protect against the system vulnerability being exploited by threat agents, the firm invests S in security measures. This investment can take many forms, from technologies such as firewalls and anti-virus software, to procedures such as auto log-off and password aging, to policies such as user training and security audits. We require that the effect of the security investment is a reduction of breach probability, or

\[ \frac{\partial\rho}{\partial S} \le 0. \tag{2} \]
We further assume that this reduction is governed by the law of diminishing return, which implies that

\[ \frac{\partial^2\rho}{\partial S^2} \ge 0. \tag{3} \]

To summarize, the breach probability can be described as

\[ \rho = \rho(\xi, v, S), \tag{4} \]

subject to the boundary condition

\[ \rho^0 = \rho(\xi, v, 0) = \xi v. \tag{5} \]

Now we consider the case of n types of simultaneous attacks. We assume that each type of attack can be described by its own breach probability and loss. In other words,

\[ z_i = \rho_i L_i, \quad i \in [1, n] \cap I, \tag{6} \]

where \(\rho_i = \rho_i(\xi_i, v, S_i)\). Note that the vulnerability v is the same for all attacks, because it is intrinsic to the systems. \(L_i\) represents the potential economic (i.e., monetary) loss the firm faces when the ith type of attack happens. This loss can be the direct (for instance, stolen product information) or indirect (for instance, customers losing trust in a company that could not safeguard credit card data) result of security breach of this particular type of attack. Without loss of generality, we make the simplifying assumption that each \(L_i > 0\) is a fixed amount, as estimated by the firm based on the type of attack. We further assume that \(L_i\) can be very large but always remains finite; that is, our model does not cover the case of potential losses of a catastrophic level. So in the case of a firm facing n types of attacks, the total information security risk can be expressed as

\[ Z = \sum_{i=1}^{n} z_i = \sum_{i=1}^{n} \rho_i(\xi_i, v, S_i)\,L_i. \tag{7} \]
To protect against the ith type of attack, the firm makes investment \(S_i\) to reduce the breach probability \(\rho_i\), hence, from (5) and (6), reducing the information security risks that the firm faces by \(\Delta z_i = (\rho_i^0 - \rho_i)L_i = (\xi_i v - \rho_i)L_i\). If the firm repeats the same process for all n types of attacks, the net benefit of all the security investments of \(S_i\), i = 1..n, can be expressed as

\[ \Phi(S_1, .., S_n) = \sum_{i=1}^{n} (\Delta z_i - S_i) = \sum_{i=1}^{n} (\xi_i v - \rho_i)L_i - \sum_{i=1}^{n} S_i, \tag{8} \]

and it is subject to the boundary condition that the marginal net benefit of any security investment \(S_i\) at \(S_i = 0\) is non-negative; in other words, the initial security investment of \(S_i\) has to produce non-negative net benefit. Mathematically, this condition is written as

\[ \frac{\partial\Phi}{\partial S_i}(S_1, .., S_i = 0, .., S_n) \ge 0, \quad i = 1, .., n. \tag{9} \]

The task of optimizing the security investments is to maximize their benefits Φ. In later sections, this optimization is performed by setting the first-order partial differentiation of \(\Phi(S_1, .., S_n)\) in (8) with respect to each \(S_i\); that is \(\partial\Phi/\partial S_i = 0\). And this operation indeed yields maximum, not minimum, of Φ:

\[ \frac{\partial^2\Phi}{\partial S_i^2} = -\frac{\partial^2\rho_i}{\partial S_i^2} L_i \le 0, \tag{10} \]

because \(\partial^2\rho_i/\partial S_i^2 \ge 0\) for all i, from (3).

We follow Gordon and Loeb (2002) in making the assumption of a risk-neutral firm. When the decision-maker of a firm is risk-neutral, he is said to be indifferent towards investment decisions that carry the same expected values, even when they assume different risks (that is, different probability of realization). In general, the attitude towards risk can be captured by the functional form of the utility function u(w). For a discussion of optimal investment in information security by a risk-averse decision maker, see Huang et al. (2005b).
Without loss of generality, we consider the case of n = 2, or two simultaneous attacks. We can then rewrite (8) to

\[ \Phi(S_1, S_2) = (\xi_1 v - \rho_1)L_1 + (\xi_2 v - \rho_2)L_2 - (S_1 + S_2). \tag{11} \]

For the two types of attacks, we adopt the two broad classes of security breach probability first proposed by Gordon and Loeb (2002):

\[ \rho_1 = \frac{\xi_1 v}{\kappa_1 S_1 + 1}, \tag{12} \]

\[ \rho_2 = \xi_2 v^{\kappa_2 S_2 + 1}. \tag{13} \]

\(S_1\) and \(S_2\) represent security investments made to counter Class 1 and Class 2 attacks, respectively, and the parameters \(\kappa_1\) and \(\kappa_2\) measure the level of impact of, or the return on, the security investment. For any given security investment S, the higher the κ, the more reduction of the breach probability. We further simplify it by assuming that \(\xi_1 = \xi_2 = \xi\). The associated potential losses of the two classes are \(L_1\) and \(L_2\). The total security investment that the firm makes in the case of two simultaneous attacks is the sum of the investments made to counter the individual attacks:

\[ S = S_1 + S_2. \tag{14} \]

Before we proceed, it is important to examine these two classes of attacks based on the property of the breach probabilities. \(\rho_1\) in (12) increases linearly with the system vulnerability, a characteristic generally exhibited by primary attacks such as one targeted at a firm's databases that store customer credit card information by exploiting specific system vulnerabilities. The Class 2 security breach probability in (13), which increases slowly at first with an increase in vulnerability but then rapidly when the vulnerability crosses a certain threshold (Figure 2), seems to appropriately describe mass or distributed attacks such as computer virus attack through email
attachments. With respect to the security investment, Class 2 probability is much more convex in S than Class 1 (Figure 3), meaning that an initial investment in security is likely to have a more significant impact on the security threats represented by \(\rho_2\) than those represented by \(\rho_1\). This comparison fits well with the response to security investment by the reduction of breach probability from distributed attacks versus that from targeted attacks, because it is often more difficult to stop a determined attacker who tries to break into a particular system with known or unknown vulnerabilities. Based on these characteristics, we posit that Class 1 in (12) best describes a targeted attack, while Class 2 in (13) can be regarded as that related to a mass or distributed attack (Huang et al., 2005).

Substituting (12) and (13) into (11) and rearranging the terms, we have

\[ \Phi(S_1, S_2) = \frac{\xi v \kappa_1 S_1 L_1}{\kappa_1 S_1 + 1} + \xi v\left(1 - v^{\kappa_2 S_2}\right)L_2 - (S_1 + S_2). \tag{15} \]

Maximizing the total net benefit Φ in (15) then yields the optimal security investments for both classes of attacks. In the following sections, we examine several models, each with different assumptions and constraints, to arrive at the optimal level of security investments \(S_1\) and \(S_2\).

4. Independent Investments without Constraints

Our first model concerns the situation where the firm evaluates investment for each type separately with no budget constraint, and security measures deployed to combat Class 1 attacks do not have any effects on Class 2 attacks and vice versa. In other words, the decision on and the impact of investments \(S_1\) and \(S_2\) are completely independent of each other. We first apply (9) to \(S_1\) and \(S_2\) in (15) independently to produce the following boundary conditions:

\[ \frac{\partial\Phi}{\partial S_1}(0, S_2) \ge 0 \;\Rightarrow\; v \ge \frac{1}{\xi\kappa_1 L_1}; \tag{16} \]
\[ \frac{\partial\Phi}{\partial S_2}(S_1, 0) \ge 0 \;\Rightarrow\; -v\ln v \ge \frac{1}{\xi\kappa_2 L_2}. \tag{17} \]

In this case, we solve for optimal investments for Class 1 and Class 2 by taking the partial derivative of (15) with respect to one while holding the other constant:

\[ \frac{\partial\Phi(S_1^*, S_2)}{\partial S_1} = 0, \tag{18} \]

and

\[ \frac{\partial\Phi(S_1, S_2^*)}{\partial S_2} = 0. \tag{19} \]

These two first order conditions yield the optimal investments \(S_1^*\) and \(S_2^*\). With (14), we get

\[ S^* = \frac{\sqrt{\xi v \kappa_1 L_1} - 1}{\kappa_1} + \frac{1}{\kappa_2 \ln v}\,\ln\frac{1}{-\xi\kappa_2 L_2\, v\ln v}. \tag{20} \]

A quick comparison between (6) and the individual optimization based on Class 1 and Class 2 attack alone (equations (6) and (8) in Gordon and Loeb, 2002) shows that the S* in this case is the straight sum of the optimal investments obtained by optimizing the utility function with respect to individual attacks separately, which is to be expected.

Equation (20) is plotted in Figure 4. From boundary condition (16), we notice that there exists a lower bound of v for finding S*. However, in the case of \(L_1 > L_2\), this v lower bound can be very small with large \(L_1\). Further, the optimal investment does not strictly increase with vulnerability. S* increases with v initially, starts to drop after certain v, and eventually becomes a strictly increasing function of v when v is large. To summarize, the optimal total investment S* in information security in the case of simultaneous attack, with no additional constraints, becomes nonzero above some
minimum vulnerability v and increases with v thereafter. When v becomes large, S* starts to drop, but eventually becomes a strictly increasing function of v.

5. Independent Investments with Budgetary Constraint

Equation (20) gives the optimal level when the firm makes decisions on how much to invest to protect its information systems from two classes of independent but simultaneous attacks. Ideally the investments would be solely determined by system parameters such as v, ξ, and L. In reality, however, a firm's ability to invest in information security, or anything else for that matter, is limited by its budget. That is, a firm may not be able to make certain level of security investment even when it was deemed optimal economically. Faced with a budgetary requirement, the firm then has to decide how much of the total security budget to allocate to Class 1 or Class 2 attack. The total investment thus becomes a constraint that represents the budgetary requirement, instead of a dependent variable (as in (20) and Figure 4). In this section, we examine the optimal allocation of information security investment among two classes of simultaneous attacks in the existence of such budgetary constraint.

5.1. The Model

Assume that the firm has set the total security investment to a fixed amount S. It follows that \(S_1 + S_2 = S\), no matter what the threat or vulnerability levels are. In other words, \(S_1\) and \(S_2\) are no longer independent of each other. In this case, we rewrite \(\rho_2\) in (13) into a function of \(S_1\) by noting that \(S_2 = S - S_1\):

\[ \rho_2(S_1) = \xi v^{\kappa_2 (S - S_1) + 1} = \xi v^{\kappa_2 S + 1}\, v^{-\kappa_2 S_1}. \tag{21} \]
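And we also have

\[ \frac{\partial\rho_2}{\partial S_1} = -\kappa_2 \ln v\; \xi v^{\kappa_2 S + 1}\, v^{-\kappa_2 S_1} \tag{22} \]

and

\[ \frac{\partial^2\rho_2}{\partial S_1^2} = \kappa_2^2 (\ln v)^2\, \xi v^{\kappa_2 S + 1}\, v^{-\kappa_2 S_1}. \tag{23} \]

Substituting (14) and (21) into (11), we get

\[ \Phi(S_1) = \frac{\xi v \kappa_1 S_1 L_1}{\kappa_1 S_1 + 1} + \xi v\left(1 - v^{\kappa_2 S}\, v^{-\kappa_2 S_1}\right)L_2 - S. \tag{24} \]

Differentiating \(\Phi(S_1)\) with respect to \(S_1\), we get

\[ \left.\frac{\partial\Phi}{\partial S_1}\right|_{S, L_1, L_2, v, \xi} = -\frac{\partial\rho_1}{\partial S_1}L_1 - \frac{\partial\rho_2}{\partial S_1}L_2 = \frac{\xi\kappa_1 v L_1}{(\kappa_1 S_1 + 1)^2} + \xi\kappa_2 \ln v\, L_2\, v^{\kappa_2 S + 1}\, v^{-\kappa_2 S_1}. \tag{25} \]

The boundary condition (9) requires that (25) is equal to or greater than zero when \(S_1 = 0\). After rearranging terms, we get

\[ \frac{L_2\kappa_2}{L_1\kappa_1}\,(\ln v^{-1})\, v^{\kappa_2 S} \le 1. \tag{26} \]

And this leads to the following (proof is omitted):

Corollary 1. In the case of independent investments to counter the attacks as described by the two breach probability functions (12) and (13), the total budget constraint has a lower bound

\[ S_0 = \frac{1}{\kappa_2 \ln v}\,\ln\frac{L_1\kappa_1}{L_2\kappa_2 \ln v^{-1}} \quad \text{when } v < v' = e^{-\frac{L_1\kappa_1}{L_2\kappa_2}}. \]

(3) is always non-negative, because ln v is negative for all v ∈ [0, 1]. Note that, however, this does not violate the condition for breach probability (3), because when \(S_1\) increases, \(S_2\) actually decreases due to the fixed budget S, so \(\partial\rho_2/\partial S_2 \le 0\) still holds.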
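An added numerical example, not part of the paper: it maximizes \(\Phi(S_1)\) in (24) under the fixed budget S by bisecting on the marginal benefit (25), returns the corner allocations when the boundary condition (26) fails, and evaluates the budget lower bound of Corollary 1. The function names and all parameter values are assumptions constructed for illustration; they are not the values behind the paper's figures.

```python
import math


def marginal_benefit(s1, S, v, xi, k1, k2, L1, L2):
    """dPhi/dS1 with S2 = S - S1, equation (25)."""
    class1_gain = xi * k1 * v * L1 / (k1 * s1 + 1.0) ** 2
    # ln(v) < 0: this term is the loss from moving money out of Class 2 defences.
    class2_loss = xi * k2 * math.log(v) * L2 * v ** (k2 * (S - s1) + 1.0)
    return class1_gain + class2_loss


def optimal_s1(S, v, xi, k1, k2, L1, L2, rel_tol=1e-10):
    """Optimal Class 1 (targeted-attack) investment S1* for a fixed budget S.

    Phi(S1) is concave, so dPhi/dS1 is decreasing in S1 and has at most one
    root on [0, S]; if it has none, the optimum is a corner.
    """
    if not 0.0 < v < 1.0 or S <= 0.0:
        raise ValueError("need 0 < v < 1 and S > 0")
    args = (S, v, xi, k1, k2, L1, L2)
    if marginal_benefit(0.0, *args) <= 0.0:
        return 0.0          # boundary condition (26) fails: all budget to Class 2
    if marginal_benefit(S, *args) >= 0.0:
        return S            # Class 1 still pays at S1 = S: all budget to Class 1
    lo, hi = 0.0, S
    while hi - lo > rel_tol * S:
        mid = 0.5 * (lo + hi)
        if marginal_benefit(mid, *args) > 0.0:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)


def budget_lower_bound(v, k1, k2, L1, L2):
    """S0 from Corollary 1: budgets below S0 leave nothing for Class 1.

    Returns 0.0 when v >= v' = exp(-L1*k1 / (L2*k2)), where no bound applies.
    """
    ratio = (L1 * k1) / (L2 * k2)
    if v >= math.exp(-ratio):
        return 0.0
    return math.log(ratio / math.log(1.0 / v)) / (k2 * math.log(v))


def allocation_curve(vs, S, **params):
    """Share S1*/S of the budget allocated to Class 1 for each vulnerability v."""
    return [optimal_s1(S, v, **params) / S for v in vs]


# Constructed parameters (assumptions, not the paper's values).
PARAMS = dict(xi=1.0, k1=1e-5, k2=1e-5, L1=1e6, L2=1e6)
BUDGET = 2e4

if __name__ == "__main__":
    grid = [round(0.05 * i, 2) for i in range(1, 20)]
    for v, share in zip(grid, allocation_curve(grid, BUDGET, **PARAMS)):
        print(f"v={v:4.2f}  S1*/S={share:6.1%}")
    s0 = budget_lower_bound(0.1, PARAMS["k1"], PARAMS["k2"],
                            PARAMS["L1"], PARAMS["L2"])
    print(f"Corollary 1 lower bound at v=0.1: S0 = {s0:,.0f}")
```

With these constructed values the share allocated to Class 1 is zero at low vulnerability, rises through an interior optimum, and reaches the whole budget at high vulnerability; ξ multiplies both terms of (25), so it does not affect the allocation.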
To find the optimal investment \(S_1^*\) (and \(S_2^*\) is therefore determined), we set (25) to zero. After rearranging terms, we get the following equation:

\[ \frac{v^{\kappa_2 S_1^*}}{(\kappa_1 S_1^* + 1)^2} = \frac{L_2\kappa_2}{L_1\kappa_1}\,(\ln v^{-1})\, v^{\kappa_2 S}. \tag{27} \]

We first note that (27) indeed yields the maximum of \(\Phi(S_1)\), because both \(\partial^2\rho_1/\partial S_1^2 \ge 0\) (from (3)) and \(\partial^2\rho_2/\partial S_1^2 \ge 0\) (from (23)),

\[ \frac{\partial^2\Phi}{\partial S_1^2} = -\frac{\partial^2\rho_1}{\partial S_1^2}L_1 - \frac{\partial^2\rho_2}{\partial S_1^2}L_2 \le 0. \tag{28} \]

We also note that the boundary condition (26) holds for (27), because the left-hand side of (27) is always smaller than or equal to one: \(v^{\kappa_2 S_1^*} \le 1\) (since v ∈ [0, 1]) and \((\kappa_1 S_1^* + 1)^2 \ge 1\), for all \(S_1^* > 0\).

A close examination shows that a closed-form \(S_1^*\) cannot be obtained from (27), but some analyses of the absolute value of \(S_1^*\) can be done without such a solution. When S increases, the right hand side of (27) decreases (since \(\frac{L_2\kappa_2}{L_1\kappa_1}(\ln v^{-1}) > 0\)), giving rise to a larger \(S_1^*\) in the left hand side, which is a strictly decreasing function of \(S_1^*\) for all \(S_1^* > 0\) (since v ∈ [0, 1]). That is, when the total budget S increases, so does the optimal investment \(S_1^*\). Further, since ln v < 0,

\[ \frac{v^{\kappa_2 S_1^*}}{(\kappa_1 S_1^* + 1)^2} \propto \frac{L_2}{L_1}. \tag{29} \]

And because, again, the left hand side is a decreasing function of \(S_1^*\), we conclude that, from (29), \(S_1^*\) increases with the ratio \(L_1/L_2\). That is, optimal investment \(S_1^*\) is higher when the potential loss \(L_1\) is higher relative to the potential loss \(L_2\). To summarize, when a firm faces two simultaneous attacks, the absolute value of the optimal security investment against one of the
attacks increases with the total security budget, as well as with the increase of the relative potential loss of that attack to that of the other one.

5.2. Computational Results

Of particular interest in (27) is how the firm would allocate security investments given a budgetary constraint. Because no closed-form solution is possible, we use numerical analysis to examine the optimal investment allocation to Class 1 attack, as represented by \(S_1^*/S\) (and allocation to Class 2 attack, \(S_2^*/S\), is thus determined). In this section, we compute and graph \(S_1^*/S\) with respect to four parameters of interest, namely the total security budget S, the system vulnerability v, ratio of investment effectiveness \(\kappa_1\) and \(\kappa_2\), and the ratio of potential loss \(L_1\) and \(L_2\).

The first set of numerical analysis examines how \(S_1^*/S\) varies with v, the intrinsic system vulnerability. We fix \(\kappa_1\), \(\kappa_2\), \(L_1\), \(L_2\), and S, and run a series of v values to obtain the ratio \(S_1^*/S\). Figure 5 shows the result of \(S_1^*/S\) vs. v for three different sets of potential loss values (\(L_1\) = \(L_2\) = $M; \(L_1\) = $M and \(L_2\) = $M; \(L_1\) = $M and \(L_2\) = $M), while fixing \(\kappa_1\) = \(\kappa_2\) = and S = $00,000 (as 5% of either \(L_1\) or \(L_2\)). We can see that, for each combination of \(L_1\) and \(L_2\), \(S_1^*/S\) increases with v between a minimum v where \(S_1^*\) remains zero and a maximum v where \(S_1^*/S\) approaches 100%. Further, the relative size of \(L_1\) shifts the curve to the left.

The computational result in Figure 5 is readily understood when compared with the result of the single-event model presented by Gordon and Loeb (2002) as well as the independent model in Section 4. When attacks are considered separately, optimized investment for Class 1 starts at a higher v than that for Class 2. However, the latter drops off to zero when v gets large, while the former continues to increase with v. Therefore, when the total investment is fixed, the
optimal allocation would shift gradually from Class 2 to Class 1 with increasing vulnerability. And when Class 1 attack takes on more importance (as represented by the relative size of \(L_1\) vs. \(L_2\)), this shift from Class 2 to Class 1 happens at a lower v (thus covering a broader range of v). As a summary, when a firm faces two simultaneous attacks with a fixed total security investment budget, the firm should optimally allocate all of its investment to Class 2 when the system vulnerability is low, gradually increase, and eventually allocate all of its investment to Class 1. With larger potential loss due to Class 1 attack vs. that from the Class 2 attack, the range of vulnerability where the optimal investment is allocated to the former is wider (i.e., starts at a smaller vulnerability).

Next, we examine how \(S_1^*/S\) varies with \(L_1/L_2\), by fixing S, v, \(\kappa_1\), and \(\kappa_2\). Figure 6 shows the result of one such set of computation, where we fix \(\kappa_1\) = \(\kappa_2\) = , v = 0.4, and \(L_2\) = $M while recording the relationship \(S_1^*/S\) vs. \(L_1/L_2\) by varying \(L_1\) for S = $00,000 (5% of \(L_2\)) and S = $500,000 (.5% of \(L_2\)). The result confirms the observation in Section 5.1 that \(S_1^*\) increases with the ratio \(L_1/L_2\) for a fixed S. We further note that for the curve with small S (S = 5% of \(L_2\)), \(S_1^*\) starts to become nonzero when \(L_1\) is about half of \(L_2\) and takes all of the budget S when \(L_1\) reaches twice as much as \(L_2\). The curve of larger S (S = .5% of \(L_2\)), on the other hand, is smoother and over a larger range of \(L_1/L_2\). In other words, the shift of allocation from investing against one class of attack to the other occurs at a higher relative loss and increases faster when the total budget is smaller.

Our next numerical analysis focuses on how the effectiveness of security investment, represented by \(\kappa_1\) and \(\kappa_2\), affects the allocation of investment. This is done by leaving all other parameters (S, \(L_1/L_2\), and v) constant while varying \(\kappa_1/\kappa_2\). Figure 7 shows the result of this calculation for \(L_1\) = \(L_2\) = $M, v = 0.4, and S = $00,000 (5% of L) and S = $500,000 (.5% of
L). Initially, allocation to Class I (as represented by \(S_1^*/S\)) increases quickly with \(\kappa_1/\kappa_2\); that is, \(S_1^*\)'s share of the total investment grows as the effectiveness of \(S_1\) in reducing \(\rho_1\) vs. \(S_2\)'s effectiveness in reducing \(\rho_2\) increases. However, after \(\kappa_1/\kappa_2\) reaches certain level, the share of \(S_1^*\) starts to decrease, albeit slowly. In other words, when a firm invests a fixed amount of budget against two simultaneous attacks, allocation to investing in protecting against one class of attack increases with the effectiveness of such investment vs. that of the investment in the other class. When the relative effectiveness reaches a certain level, however, the allocation of investment starts to shift towards the less effective class.

This result can be interpreted as follows. Initially, when \(\kappa_1/\kappa_2\) is very small, investing in measures against Class 1 attack is simply too ineffective, resulting in a zero allocation to it. \(S_1^*\) starts to become positive after certain level of \(\kappa_1/\kappa_2\); with increasing \(\kappa_1/\kappa_2\), the optimal allocation to \(S_1^*\) increases to capture the increasing relative effectiveness of investment in Class 1. Here, similar to the case of \(S_1^*/S\) vs. \(L_1/L_2\) for the reason of investment efficiency, the minimum level of \(\kappa_1/\kappa_2\) for \(S_1^*\) to become nonzero and the rate of increase thereafter are higher for small S. As \(\kappa_1/\kappa_2\) crosses certain level, \(S_1^*\) starts to decrease with increasing \(\kappa_1/\kappa_2\), signaling that the gain in increasing effectiveness has peaked. When this happens, the optimal allocation starts to shift more towards Class 2.

Our last, but arguably the most interesting, analysis is focused on the optimal allocation among \(S_1^*\) and \(S_2^*\) at different levels of budgetary constraint S. From Section 5.1, we know that \(S_1^*\) increases with S. A quick glance at (27) leads one to suspect that when the total security budget S goes up, the optimal allocation to Class 1 attack also increases: For a fixed \(\frac{L_2\kappa_2}{L_1\kappa_1}(\ln v^{-1})\), the rate of increase of \(S_1^*\) is higher than the rate of increase of S, because the value of the left hand side of (27) is offset by the denominator \((\kappa_1 S_1^* + 1)^2\) for all \(S_1^* > 0\).
However, this observation may not hold true for all S at varied combinations of all other parameters, in particular v, \(\kappa_1\), and \(\kappa_2\), because of the presence of S in the exponent on the right hand side as well as the boundary condition (26). We therefore perform numerical analysis on (27) to uncover the effect of the budgetary constraint S on the optimal allocation to \(S_1^*\).

Two sets of the computational results are presented in Figures 8 and 9, where \(S_1^*/S\), the optimal allocation to Class 1 attack, is plotted against S/L, the normalized budget constraint, in a family of iso-vulnerability curves. In Figure 8, with \(\kappa_1\) = , \(\kappa_2\) = , \(L_1\) = $M, and \(L_2\) = $3M, those curves are all concave and increasing, implying that the percentage allocated to \(S_1^*\) increases, albeit at a decreasing rate, with S. Also, both the value and the slope of \(S_1^*/S\) are higher for larger v, implying that the allocation to \(S_1^*\) increases with v for any given S. These results are consistent with both the above observation of (27) and earlier result with respect to v.

However, Figure 9, where we set \(\kappa_1\) = \(\kappa_2\) = and \(L_1\) = \(L_2\) = $M, shows a distinctively different behavior of \(S_1^*/S\) vs. S/L. At small v, the iso-vulnerability curves are concave and increasing, similarly to those in Figure 6. When v becomes sufficiently large, however, the iso-vulnerability curves become U-shape. That is, for v greater than some inflection point v, \(S_1^*/S\) is convex and non-increasing in S/L: at small S, \(S_1^*\)'s share decreases with increasing total investment, and approaches 100% when S → 0; for large S, optimal allocation \(S_I^*\) increases with the total investment, and approaches 100% when S becomes large. And throughout all levels of total investment, \(S_I^*\)'s share never approaches 0.

From the modeling perspective, the distinctive behavior can be partially explained by Corollary 1. For any given \(\kappa_1\), \(\kappa_2\), \(L_1\), and \(L_2\), S has a lower bound when \(v < v' = e^{-\frac{L_1\kappa_1}{L_2\kappa_2}}\), hence the lower curves in Figure 9. When v > v', S no longer has lower limit, and the curves cover the
whole range of S. (\(v' = e^{-1}\) in Figure 9.) However, when \(\frac{L_2\kappa_2}{L_1\kappa_1}\) becomes large enough such that \(v' = e^{-\frac{L_1\kappa_1}{L_2\kappa_2}} >\), the lower bound \(S_0\) exists for all v ∈ [0, 1], and all the iso-vulnerability curves behave like those in Figure 8.

In summary, our computational result shows that under most circumstances (e.g., Figure 8 and part of Figure 9), the optimal allocation to Class 1 increases with total security budget. However, when the potential loss from Class 2 attack is sufficiently small compared to that from the Class 1 attack, and when the system vulnerability is sufficiently large, optimal allocation to protecting against Class 1 attack approaches 100% when the total investment constraint is very small, decreases and then increases with increasing S, and approaches 100% with large budgetary constraint.

6. Discussions and Conclusions

So far, the analyses have been strictly based on the mathematic properties of the models. In the section, we attempt to link the modeling results to practice, hoping to gain insight into the management of information security investment.

In the case of independent investments with no budgetary constraints, our analysis shows two interesting characteristics. First, there exists a minimum vulnerability below which investment is zero. This tolerance threshold for not investing is much lower, as can be expected, when breaches from targeted attacks would cause large losses. The second characteristic is the drop in total investment beyond a specific vulnerability. In practice, beyond this level of vulnerability, it may be more beneficial for the firm to concentrate on recovery from the losses (such as maintaining system integrity, ensuring business continuance or mitigating liability incurred) than on investment to defend against vulnerability.
When the total budget is limited, the absolute level of investment to protect against a specific type of attack increases as the potential loss from that type of attack increases or when the total budget increases. This is an expected reaction. And when we consider the relative loss between targeted and distributed attacks, we find that firms could start shifting investment allocation from protecting against distributed attacks to protecting against targeted attacks as the loss associated with the latter increases. As can be expected, such shifts begin to occur at lower vulnerabilities when the losses from targeted attacks are greater. This can be interpreted as simply a case of placing more investment to protect against the greater loss. The interesting outcome of the analysis, however, is that the fixed budget can very quickly get absorbed in protecting against targeted attacks with slight increases in vulnerability, exposing the firm to distributed attacks with non-zero potential losses.

Further, when the total investment is small, the shift of allocation from protecting against one threat to another is quicker. This result can be understood from the perspective of the effective use of investment: When the total budget is small, the firm may be better off concentrating the investment in one class of attack when the other class poses relatively low risks (i.e., when L /L is small); but when the latter does impose enough threat (as demonstrated by large enough L /L ) to justify a diversion of funds from the first one, allocation goes up quickly, because a small portion of the already small total may not produce much effect.

We also find that the investment allocation to securing against targeted attacks increases with an increase in the relative effectiveness of that investment. This is a reasonable response in any firm.
However, our analysis also shows that beyond a certain level of increased relative effectiveness, allocation of investment in that category peaks and then reduces relative to the allocation in the other category, implying that investment in the former is so effective that less
allocation is needed to achieve some required level of security. It is also interesting to note that for smaller total budgets, the peak allocation for protecting against targeted attacks occurs at a higher relative effectiveness and a greater share of total budget. This result can signal the presence of a critical mass of investment for protecting against targeted attacks, irrespective of the investment effectiveness.

The observation of the optimal allocation with respect to the size of budget constraint has interesting practical implications. Under most circumstances, when a firm faces both distributed and targeted attacks, the percentage allocated to protecting against the latter goes up with increasing security budget. This can be understood from the fact that distributed attacks are, in general, less sophisticated and stopped more effectively with a relatively low amount of security investment. Thus, when the budget is small, it is more effective to allocate the bulk of it to distributed attacks; and with an increased security budget, more allocation would go to targeted attacks. However, when the potential loss from targeted attacks is sufficiently large, the firm with a large information systems vulnerability and a very small security budget would cast all security investments against targeted attacks. It would gradually reduce the allocation percentage with increasing budget, but eventually start increasing the allocation ultimately to 100%. When vulnerability is large, the risk from targeted attack is high and very real (due to high potential risk), and allocating the bulk of the security budget would make sense even when it is very small. And as the budget becomes larger, distributed attack gets its own share of investment, and the allocation curve exhibits behavior common to other situations.

In this study, we analyze the security investment decision for a firm facing multiple attacks with the help of economic modeling.
Our results, in particular, offer insights into how a decision maker should allocate security investment budget at various levels of systems
vulnerability, relative potential loss, investment effectiveness, and total budget. As with all models, a number of assumptions are made to make our model manageable but may limit its applicability to practice. For instance, we follow a previous study in assuming that the firm is risk-neutral (Gordon and Loeb, 00), while, in reality, many decision makers can be regarded as risk-averse. Also, our model assumes that the security investments to counteract the two classes of attacks are independent of each other, while, in reality, security measures taken to prevent one class of attack may help prevent another class of attack. Future studies that relax these and other assumptions, as well as empirical verifications of the modeling results, can help advance this stream of research.

References

AT&T (004). Network security: Managing the risk and opportunity. AT&T Point of View, July 004, -.

Carr, N. G. (003). IT Doesn't Matter. Harvard Business Review, 8(5), 4-49.

CSO (005). 005 E-Crime Watch Survey: Summary of Findings. Framingham, Mass.: CSO Magazine.

Fiegenbaum, A., and Thomas, H. (988). Attitudes toward risk and the risk-return paradox: Prospect theory explanations. Academy of Management Journal, 3(),

Gordon, L.A., and Loeb, M.P. (00). The Economics of Information Security Investment. ACM Transactions on Information and Systems Security, 5(4),

Gordon, L.A., Loeb, M.P., Lucyshyn, W., and Richardson, R. (005). 005 CSI/FBI Computer Crime and Security Survey. Computer Security Institute.
Huang, C.D., Hu, Q., and Behara, R. (005a). In search for optimal level of information security investment in risk-averse firms. Proceedings of the Third Annual Security Symposium, Tempe, Arizona, September 8-9.

Huang, C.D., Hu, Q., and Behara, R. (005b). Investment in information security by a risk-averse firm. Proceedings of the 005 Softwars Conference, Las Vegas, Nevada, December 0-.

Jegers, M. (99). Prospect theory and the risk-return relation: Some Belgian evidence. Academy of Management Journal, 34(), 5-5.

Kaas, R., Goovaerts, M., Dhaene, J., and Denuit, M. (00). Modern Actuarial Risk Theory, Boston, Mass.: Kluwer Academic Publishers.

Ogut, H., Menon, N., and Raghunathan, S. (005). Cyber Insurance and IT security investment: Impact of interdependent risk. Proceedings of the Workshop on the Economics of Information Security (WEIS05), Kennedy School of Government, Harvard University, Cambridge, Mass., June -3.

Power, R. (003). 003 Global Security Survey, Deloitte Touche Tohmatsu. Accessed on March 7, 003, online at

Schechter, S.E. (005). Toward econometric models of the security risk from remote attacks. IEEE Security & Privacy, 3(),
[Figure . Security breach probability functions vs. v. Axes: security breach probability ρ against vulnerability v; curves: Class I, Class II.]
[Figure 3. Security breach probability functions vs. S. Axes: security breach probability ρ against security investment S; curves: Class I, Class II.]
[Figure 4. Optimal Information Security Investment vs. v, Independent Investments with No Additional Constraints. Axes: optimal investment S* against vulnerability v; curves: L > L, L < L, L = L.]
European Research Studes, Volume XII, Issue (3), 009 Optmal polcy for FDI ncentves: An aucton theory approach Abstract: Israel Lusk*, Mos Rosenbom** A multnatonal corporaton s (MNC) entry nto a host country
More informationLikelihood Fits. Craig Blocker Brandeis August 23, 2004
Lkelhood Fts Crag Blocker Brandes August 23, 2004 Outlne I. What s the queston? II. Lkelhood Bascs III. Mathematcal Propertes IV. Uncertantes on Parameters V. Mscellaneous VI. Goodness of Ft VII. Comparson
More informationCS 286r: Matching and Market Design Lecture 2 Combinatorial Markets, Walrasian Equilibrium, Tâtonnement
CS 286r: Matchng and Market Desgn Lecture 2 Combnatoral Markets, Walrasan Equlbrum, Tâtonnement Matchng and Money Recall: Last tme we descrbed the Hungaran Method for computng a maxmumweght bpartte matchng.
More informationCyclic Scheduling in a Job shop with Multiple Assembly Firms
Proceedngs of the 0 Internatonal Conference on Industral Engneerng and Operatons Management Kuala Lumpur, Malaysa, January 4, 0 Cyclc Schedulng n a Job shop wth Multple Assembly Frms Tetsuya Kana and Koch
More informationA Laboratory Investigation of Compliance Behavior under Tradable Emissions Rights: Implications for Targeted Enforcement
Unversty of Massachusetts Amherst Department of Resource Economcs Workng Paper No. 2005-1 http://www.umass.edu/resec/workngpapers A Laboratory Investgaton of Complance Behavor under Tradable Emssons Rghts:
More informationScribe: Chris Berlind Date: Feb 1, 2010
CS/CNS/EE 253: Advanced Topcs n Machne Learnng Topc: Dealng wth Partal Feedback #2 Lecturer: Danel Golovn Scrbe: Chrs Berlnd Date: Feb 1, 2010 8.1 Revew In the prevous lecture we began lookng at algorthms
More informationOnline Appendix for Merger Review for Markets with Buyer Power
Onlne Appendx for Merger Revew for Markets wth Buyer Power Smon Loertscher Lesle M. Marx July 23, 2018 Introducton In ths appendx we extend the framework of Loertscher and Marx (forthcomng) to allow two
More informationIs Social Welfare Increased By Private Firm Entry. Introduction
Is Socal elfare Increased By Prvate Frm Entry From a coopetton vewpont Unversty of Hyogo graduate school doctoral course n economcs Takesh Yoshkawa Introducton Many studes on a mxed olgopoly manly deal
More informationQuiz 2 Answers PART I
Quz 2 nswers PRT I 1) False, captal ccumulaton alone wll not sustan growth n output per worker n the long run due to dmnshng margnal returns to captal as more and more captal s added to a gven number of
More informationarxiv: v1 [q-fin.pm] 13 Feb 2018
WHAT IS THE SHARPE RATIO, AND HOW CAN EVERYONE GET IT WRONG? arxv:1802.04413v1 [q-fn.pm] 13 Feb 2018 IGOR RIVIN Abstract. The Sharpe rato s the most wdely used rsk metrc n the quanttatve fnance communty
More information