Managing Cybersecurity: Data Access & Protection

44 Pages Posted: 11 Dec 2022 Last revised: 30 Jun 2024

See all articles by G Charlson

G Charlson

University of Oxford - Department of Economics; University of Cambridge - Cambridge-INET Institute

Ruslan Momot

University of Michigan, Stephen M. Ross School of Business

Marat Salikhov

New Economic School; SKOLKOVO Moscow School of Management

Date Written: December 4, 2022

Abstract

A standard data access guideline is to limit employee access to only the essential data for their roles, raising the question of how to define these roles and the employees' corresponding data needs. We aim to address this question by considering a game-theoretic model of joint cybersecurity and operational decision-making. The firm chooses the level of data access for each of its employees and the overall level of cyber protection. Providing more data access to employees makes the firm more economically efficient but also more vulnerable to attacks by an adversary who steals the employees' data, inflicting damage that increases with the amount of data stolen. Adversaries may vary in their attack strength and sophistication rate (the ability to pinpoint the most attractive targets). We find that the firm may counter-intuitively decrease its overall protection level when adversarial attacks become stronger and increase its overall access level when the adversaries become more sophisticated.

Keywords: cybersecurity strategy, access management, bipartite graphs

JEL Classification: D21, D85, L23, M11, M12, M15, M21, M54

Suggested Citation

Charlson, G and Momot, Ruslan and Salikhov, Marat, Managing Cybersecurity: Data Access & Protection (December 4, 2022). Available at SSRN: https://ssrn.com/abstract=4293509 or http://dx.doi.org/10.2139/ssrn.4293509

G Charlson

University of Oxford - Department of Economics ( email )

10 Manor Rd
Oxford, OX1 3UQ
United Kingdom

University of Cambridge - Cambridge-INET Institute ( email )

Sidgwick Avenue
Cambridge, CB3 9DD
United Kingdom

Ruslan Momot (Contact Author)

University of Michigan, Stephen M. Ross School of Business ( email )

701 Tappan Street
Ann Arbor, MI MI 48109
United States

HOME PAGE: http://www.ruslanmomot.info

Marat Salikhov

New Economic School ( email )

100A Novaya Street
Moscow, Skolkovo 143026
Russia

HOME PAGE: http://www.nes.ru

SKOLKOVO Moscow School of Management ( email )

1st km of Skolkovo highway
Odintsovsky District
Moscow 115035
Russia

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
159
Abstract Views
715
Rank
355,023
PlumX Metrics