A Research of Investment Cooperation Mechanism of Network Intrusion Detection and Defense Subsystems in the Supply Chain

doi:10.3969/j.issn.1007-7375.2019.05.001

Abstract

Abstract: Aiming at the network space supply chain security system composed of intrusion detection and intrusion prevention subsystems, the study is conducted on the cooperation and coordination mechanism of security system construction jointly invested by upstream and downstream enterprises of the supply chain. Considering intrusion defense subsystem and investment cost of complementary effect of intrusion detection subsystem, the supply chain to maximize benefits of intrusion prevention subsystems and the intrusion detection subsystems' optimal level of security are analyzed, while discussing the investment decision-making mechanism of discrete decision situation, where suppliers and retailers are responsible for intrusion detection and intrusion prevention subsystems of investment decision-making mechanism. On this basis, the reward and punishment mechanism of supply chain security system investment is designed to realize the coordination and cooperation between upstream and downstream investment in different subsystems.

Key words: network security, supply chain, the complementary effect, mechanism design

CLC Number:

F224

ZHANG Zijian, TAO Xiaomu, XIONG Xuexia. A Research of Investment Cooperation Mechanism of Network Intrusion Detection and Defense Subsystems in the Supply Chain[J]. Industrial Engineering Journal, 2019, 22(5): 1-9.

References

[1] RANGEL D A, OLIVEIRA T K D, LEITE M S A. Supply chain risk classification:discussion and proposal[J]. International Journal of Production Research, 2015, 53(22):6868-6887
[2] BOYSON S, ROSSMAN H. Developing a cyber-supply chain assurance reference model[R/OL]. (2009-06-20). https://pdfs.semanticscholar.org/2757/9fc90accd57e0e5e4f402e33f0598841bafb.pdf.
[3] OLTSIK Jon, JOHN M, JENNIFER G. Assessing cyber supply chain security vulnerabilities within the U.S. critical infrastructure[R/OL]. (2010-11-20). http://www.nsci-va.org/CyberReferenceLib/2010-11-ESG%20Research%20Report%20Cyber%20Supply%20Chain%20Security.pdf.
[4] BOYSON S. Cyber supply chain risk management:revolutionizing the strategic control of critical IT systems[J]. Technovation, 2014, 34(7):342-353
[5] FAN H, CHENG T C E, GANG L. The effectiveness of supply chain risk information processing capability:an information processing perspective[J]. IEEE Transactions on Engineering Management, 2016, 63(4):414-425
[6] 李璐. 浅析ICT供应链安全管理[J]. 保密科学技术, 2018(4):10-15 LI Lu. A brief analysis of ICT supply chain security management[J]. Secrecy Science and Technology, 2018(4):10-15
[7] 倪光南, 陈晓桦, 尚燕敏. 国外ICT供应链安全管理研究及建议[J]. 中国工程科学, 2016, 18(6):104-109 NI Guangnan, CHEN Xiaohua, SHANG Yanmin. Research on foreign ICT supply chain security management with suggestions[J]. Engineering Sciences, 2016, 18(6):104-109
[8] 冯耕中, 卢继周, 吴勇. IT供应链安全管理与对策建议[J]. 中国信息安全, 2013(6):74-77 FENG Gengzhong, LU Jizhou, WU Yong. IT supply chain security management and countermeasures[J]. China Information Security, 2013(6):74-77
[9] 马民虎, 马宁. IT供应链安全:国家安全审查的范围和中国应对[J]. 苏州大学学报(哲学社会科学版), 2014(1):90-96 MA Minhu, MA Ning. IT supply chain security:the scope of national security review and China's countermeasures[J]. Journal of Soochow University(Philosophy & Social Science Edition), 2014(1):90-96
[10] 孙薇, 孔祥维, 何德全. 信息安全投资的演化博弈分析[J]. 系统工程, 2018, 26(6):124-126 SUN Wei, KONG Xiangwei, HE Dequan. Evolutionary game analysis of information security investment[J]. Systems engineering, 2018, 26(6):124-126
[11] BAKSHI Nitin, KLEINDORFER Paul. Co-opetition and investment for supply-chain resilience[J]. Production and Operations Management, 2009(18):583-603
[12] KONG Guangwen, RAGAJOPALAN Sampath, ZHANG Hao. Revenue sharing and information leakage in a supply chain[J]. Management Science, 2013, 59(3):556-572
[13] 熊强, 仲伟俊, 梅姝娥. 基于Stackelberg博弈的供应链企业间信息安全决策分析[J]. 情报杂志, 2012, 31(2):178-182 XIONG Qiang, ZHONG Weijun, MEI Shue. Analysis of information security investment decision between supply chain enterprise using stackelberg game[J]. Journal of Intelligence, 2012, 31(2):178-182
[14] 熊强, 仲伟俊, 李治文. 网络信息系统中信息安全防御资源分配策略分析[J]. 运筹与管理, 2014, 23(3):163-169 XIONG Qiang, ZHONG Weijun, LI Zhiwen. Resources allocation analysis of information security defense in network information system[J]. Operations Research and Management Science, 2014, 23(3):163-169
[15] 熊强, 李治文. 网络组织中从众行为对信息安全投入策略的影响[J]. 科技管理研究, 2015(16):170-174 XIONG Qiang, LI Zhiwen. Analysis of group beheavior's impact on information security investment in network organization[J]. Science and Technology Management Research, 2015(16):170-174
[16] 顾建强, 梅姝娥, 仲伟俊. 考虑相互依赖性的信息系统安全投资及协调机制[J]. 运筹与管理, 2015, 24(6):136-142 GU Jianqiang, MEI Shué, ZHONG Weijun. Dynamic coordination mechanism of information system security investment based on interdependent security[J]. Operations Research and Management Science, 2015, 24(6):136-142
[17] 顾建强, 梅姝娥, 仲伟俊. 基于网络安全保险的信息系统安全投资激励机制[J]. 系统工程理论与实践, 2015, 35(4):1057-1062 GU Jianqiang, MEI Shué, ZHONG Weijun. Cyber insurance as an incentive for information system security[J]. Systems Engineering-Theory & Practice, 2015, 35(4):1057-1062
[18] NAGURNER Anna, NAGURNEY Ladimer S, SHUKLA Shivani. A supply chain game theory framework for cybersecurity investments under network vulnerability[J]. Computation, Cryptography, and Network Security, 2015(16):381-398
[19] NAGURNEY Anna, DANIELE Patrizia, SHUKLA Shivani. A supply chain network game theory model of cybersecurity investments with nonlinear budget constraints[J]. Annals of Operations Research, 2016(248):405-427
[20] CAVUSOGLU H, RAGHUNATHAN S. Configuration of and interaction between information security technologies:the case of firewalls and intrusion detection systems[J]. Information Systems Research, 2009, 20(2):198-217
[21] HUI K, HUI W, WEI T. Information security outsourcing with system interdependency and mandatory security requirement[J]. Journal of Management Information Systems, 2013, 29(3):117-155
[22] CEZAR A, CAVUSOGLU H, RAGHUNATHAN S. Outsourcing information security:contracting issues and security implications[J]. Management Science, 2014, 60(3):638-657