IDEAS home Printed from https://ideas.repec.org/a/inm/ordeca/v16y2019i3p172-196.html
   My bibliography  Save this article

Information Sharing in Cybersecurity: A Review

Author

Listed:
  • Ali Pala

    (Industrial and Systems Engineering, University at Buffalo, Buffalo, New York 14260)

  • Jun Zhuang

    (Industrial and Systems Engineering, University at Buffalo, Buffalo, New York 14260)

Abstract

In this survey, we review the cybersecurity information-sharing literature, categorizing the identified papers based on their main focus and methodological approaches implemented to the cybersecurity information-sharing problem. We constitute our research framework on the major considerations of firms, governments, citizens, and adversaries. This includes actors involved, types of information to be shared, current legal baseline, information-sharing organizations/policies/architectures, benefits of sharing, and concerns/costs/barriers of sharing. We observe that both qualitative and quantitative approaches are implemented in the literature. In general, quantitative approaches have been dedicated to discuss the challenges and barriers of public/private collaboration in information sharing, such as privacy and liability, and to propose secure and effective sharing mechanisms. On the other hand, quantitative approaches have been more interested in developing models that balance cybersecurity investment and information sharing as well as provide effective incentive mechanisms. This review summarizes the academic efforts in cybersecurity information sharing by analyzing 82 identified papers with their methodological approaches. The papers using game-theoretical models are dominant in the literature as we spend more time summarizing those efforts. We conclude the review by providing potential research gaps and future research directions.

Suggested Citation

  • Ali Pala & Jun Zhuang, 2019. "Information Sharing in Cybersecurity: A Review," Decision Analysis, INFORMS, vol. 16(3), pages 172-196, September.
    • Handle: RePEc:inm:ordeca:v:16:y:2019:i:3:p:172-196
    DOI: 10.1287/deca.2018.0387
    as

    Download full text from publisher

    File URL: https://doi.org/10.1287/deca.2018.0387
    Download Restriction: no
    File URL: https://libkey.io/10.1287/deca.2018.0387?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Kjell Hausken, 2017. "Information Sharing Among Cyber Hackers in Successive Attacks," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 19(02), pages 1-33, June.
    2. Kjell Hausken, 2018. "Proactivity and Retroactivity of Firms and Information Sharing of Hackers," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 20(01), pages 1-30, March.
    3. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    4. Hausken, Kjell, 2007. "Information sharing among firms and cyber attacks," Journal of Accounting and Public Policy, Elsevier, vol. 26(6), pages 639-688.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Andrea C. Hupman, 2022. "Cutoff Threshold Decisions for Classification Algorithms with Risk Aversion," Decision Analysis, INFORMS, vol. 19(1), pages 63-78, March.
    2. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    3. Vicki M. Bier & Simon French, 2020. "From the Editors: Decision Analysis Focus and Trends," Decision Analysis, INFORMS, vol. 17(1), pages 1-8, March.
    4. Tania Wallis & Rafał Leszczyna, 2022. "EE-ISAC—Practical Cybersecurity Solution for the Energy Sector," Energies, MDPI, vol. 15(6), pages 1-23, March.
    5. Berlilana & Tim Noparumpa & Athapol Ruangkanjanases & Taqwa Hariguna & Sarmini, 2021. "Organization Benefit as an Outcome of Organizational Security Adoption: The Role of Cyber Security Readiness and Technology Readiness," Sustainability, MDPI, vol. 13(24), pages 1-20, December.
    6. Ali Yekkehkhany & Timothy Murray & Rakesh Nagi, 2021. "Stochastic Superiority Equilibrium in Game Theory," Decision Analysis, INFORMS, vol. 18(2), pages 153-168, June.
    7. Tahereh Hasani & Norman O’Reilly & Ali Dehghantanha & Davar Rezania & Nadège Levallet, 2023. "Evaluating the adoption of cybersecurity and its influence on organizational performance," SN Business & Economics, Springer, vol. 3(5), pages 1-38, May.
    8. Hunt, Kyle & Narayanan, Adithya & Zhuang, Jun, 2022. "Blockchain in humanitarian operations management: A review of research and practice," Socio-Economic Planning Sciences, Elsevier, vol. 80(C).
    9. Aitor Couce-Vieira & David Rios Insua & Alex Kosgodagan, 2020. "Assessing and Forecasting Cybersecurity Impacts," Decision Analysis, INFORMS, vol. 17(4), pages 356-374, December.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Guizhou Wang & Jonathan W. Welburn & Kjell Hausken, 2020. "A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling," Games, MDPI, vol. 11(4), pages 1-26, December.
    2. Kjell Hausken & Jonathan W. Welburn, 2021. "Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits," Information Systems Frontiers, Springer, vol. 23(6), pages 1609-1620, December.
    3. Kjell Hausken, 2017. "Security Investment, Hacking, and Information Sharing between Firms and between Hackers," Games, MDPI, vol. 8(2), pages 1-23, May.
    4. Zhiheng Xu & Jun Zhuang, 2019. "A Study on a Sequential One‐Defender‐N‐Attacker Game," Risk Analysis, John Wiley & Sons, vol. 39(6), pages 1414-1432, June.
    5. Aniruddha Bagchi & Tridib Bandyopadhyay, 2018. "Role of Intelligence Inputs in Defending Against Cyber Warfare and Cyberterrorism," Decision Analysis, INFORMS, vol. 15(3), pages 174-193, September.
    6. Lin, Chen & Xiao, Hui & Peng, Rui & Xiang, Yisha, 2021. "Optimal defense-attack strategies between M defenders and N attackers: A method based on cumulative prospect theory," Reliability Engineering and System Safety, Elsevier, vol. 210(C).
    7. Mazaher Kianpour & Stewart J. Kowalski & Harald Øverby, 2021. "Systematically Understanding Cybersecurity Economics: A Survey," Sustainability, MDPI, vol. 13(24), pages 1-28, December.
    8. Daniel Schatz & Rabih Bashroush, 0. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 0, pages 1-24.
    9. Rana Alabdan, 2020. "Phishing Attacks Survey: Types, Vectors, and Technical Approaches," Future Internet, MDPI, vol. 12(10), pages 1-37, September.
    10. Xiaotong Li, 2022. "An evolutionary game‐theoretic analysis of enterprise information security investment based on information sharing platform," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(3), pages 595-606, April.
    11. Bandyopadhyay, Subhayu & Sandler, Todd, 2023. "Politically influenced counterterrorism policy and welfare efficiency," European Journal of Political Economy, Elsevier, vol. 76(C).
    12. Kjell Hausken, 2018. "Proactivity and Retroactivity of Firms and Information Sharing of Hackers," International Game Theory Review (IGTR), World Scientific Publishing Co. Pte. Ltd., vol. 20(01), pages 1-30, March.
    13. Camélia Radu & Nadia Smaili, 2022. "Board Gender Diversity and Corporate Response to Cyber Risk: Evidence from Cybersecurity Related Disclosure," Journal of Business Ethics, Springer, vol. 177(2), pages 351-374, May.
    14. Xiaofei Qian & Xinbao Liu & Jun Pei & Panos M. Pardalos, 2018. "A new game of information sharing and security investment between two allied firms," International Journal of Production Research, Taylor & Francis Journals, vol. 56(12), pages 4069-4086, June.
    15. Levitin, Gregory & Hausken, Kjell & Taboada, Heidi A. & Coit, David W., 2012. "Data survivability vs. security in information systems," Reliability Engineering and System Safety, Elsevier, vol. 100(C), pages 19-27.
    16. Xing Gao & Weijun Zhong & Shue Mei, 2014. "A game-theoretic analysis of information sharing and security investment for complementary firms," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 65(11), pages 1682-1691, November.
    17. Iaiani, Matteo & Tugnoli, Alessandro & Macini, Paolo & Cozzani, Valerio, 2021. "Outage and asset damage triggered by malicious manipulation of the control system in process plants," Reliability Engineering and System Safety, Elsevier, vol. 213(C).
    18. William N. Caballero & Ethan Gharst & David Banks & Jeffery D. Weir, 2023. "Multipolar Security Cooperation Planning: A Multiobjective, Adversarial-Risk-Analysis Approach," Decision Analysis, INFORMS, vol. 20(1), pages 16-39, March.
    19. Yong Wu & Mengyao Xu & Dong Cheng & Tao Dai, 2022. "Information Security Strategies for Information-Sharing Firms Considering a Strategic Hacker," Decision Analysis, INFORMS, vol. 19(2), pages 99-122, June.
    20. Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2016. "Mandatory Standards and Organizational Information Security," Information Systems Research, INFORMS, vol. 27(1), pages 70-86, March.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:inm:ordeca:v:16:y:2019:i:3:p:172-196. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Asher (email available below). General contact details of provider: https://edirc.repec.org/data/inforea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.