Coalitional Game Theory for Security Risk Management

Quantitative models for security risk management in organizations are recently receiving an increased attention in the research community. This paper investigates the possibility of cooperation among autonomous divisions of an organization with dependent security assets and/or vulnerabilities for reducing overall security risks. A coalitional game is formulated for modeling cooperation possibilities among these divisions based on their both positive (synergies) and negative (vulnerabilities) interdependencies. The proposed game constitutes a framework that allows to investigate how an organization can maximize its total utility through cooperation among its different divisions. The introduced utility accounts for the gains from cooperation, in terms of an improved synergy among the divisions, and the costs for cooperation that account for the friction among the divisions (e.g. due to social and human factors) as well as the difficulty of managing large-sized divisions. Using the proposed game model, the illustrative cases of two-coalition cooperation, two-division cooperation as well as a practical scenario when using an ideal cooperation protocol are analyzed.