With the rapid development of information technologies, security violations in online social networks (OSN) have emerged as a critical issue. Traditional technical and organizational approaches do not consider economic factors, which are increasingly important to sustain information security investment. In this paper, we develop an evolutionary game model to study the sustainability of information security investment in OSN, and propose a quantitative approach to analyze and optimize security investment. Additionally, we examine a contract with an incentive mechanism to eliminate free riding, which helps sustain the security investment. Numerical examples are provided for illustration and simulation purposes, leading to several countermeasures and suggestions. Our analytical results show that the optimal strategy of information security investment not only is correlated with profit growth coefficients and investment costs, but is also influenced significantly by the profits from free riding. If the profit growth coefficients are prohibitively small, both OSN service providers and online platforms will not choose to sustain investment based on small profits. As profit growth coefficients increase, there is a higher probability that game players will invest. Another major finding is that the (Invest, Invest) profile is much less sensitive to the change of profit growth coefficients and the convergent speed of this scenario is faster than the other profiles. The government agency can use the proposed model to determine a proper incentive or penalty to help both parties reach the optimal strategies and thus improve OSN security.
Optimal Information Security Investment in Modern Social Networking
