Security investment and information sharing under an alternative security breach probability function

Information Systems Frontiers

Abstract

Nowadays, in order to protect information assets, many firms have gradually realized the importance of security investment and information sharing. It is worth pointing out that security breach probability functions play a vital role in firms’ strategic choices. This paper investigates how to determine security investment and information sharing for two firms by employing an alternative well-accepted security breach probability function. In particular, assuming that both firms make their decisions individually, we analyze information sharing, aggregate attack, aggregate defense and the security breach probability at equilibrium. Then we compare these results with those in three (partially) centralized decision cases where a social planner regulates security investment, information sharing or both of them. Between the individual decision case and the partially centralized decision case with the social planner only controlling information sharing, and between the centralized decision case and the other partially centralized decision case, we demonstrate that, although aggregate attack, aggregate defense and the security breach probability remain unchanged, more intervention from the social planner would give rise to higher social welfare. Besides, it turns out that some well-known results of Hausken (Journal of Accounting and Public Policy, 26(6), 639–688, 2007) drastically change in our framework.

References

  • Anderson, R. (2001). Why information security is hard: an economic perspective. Proceedings of the Seventeenth Computer Security Applications Conference, IEEE Computer Society Press, 358–365.

  • Anderson, R. (2002). Security in open versus closed systems-the dance of Boltzmann, Coase and Moore. Technical report, Cambridge University, England.

  • Anderson, R., & Moore, T. (2006). The economics of information security. Science, 314, 610–613.

  • Arora, A., Nandkumar, A., & Telang, R. (2006). Does information security attack frequency increase with vulnerability disclosure?-an empirical analysis. Information Systems Frontiers, 8(5), 350–362.

  • Bandyopadhyay, T., Jacob, V., & Raghunathan, S. (2010). Information security in networked supply chains: impact of network vulnerability and supply chain integration on incentives to invest. Information Technology and Management, 11(1), 7–23.

  • Bandyopadhyay, T., Liu, D., Mookerjee, V. S., Wilhite, A. W. (2012). Dynamic competition in IT security: a differential games approach. Information Systems Frontiers, in press, doi:10.1007/s10796-012-9373-x.

  • Bodin, L. D., Gordon, L. A., & Loeb, M. P. (2005). Evaluating information security investments using the analytic hierarchy process. Communications of the ACM, 48(2), 78–83.

  • Büyükkarabacak, B., & Valev, N. (2012). Credit information sharing and banking crises: an empirical investigation. Journal of Macroeconomics, 34(3), 788–800.

  • Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The economic cost of publicly announced information security breaches: empirical evidence from the stock market. Journal of Computer Security, 11(3), 431–448.

  • Cavusoglu, H., & Raghunathan, S. (2004). Configuration of detection software: a comparison of decision and game theory approaches. Decision Analysis, 1(3), 131–148.

  • Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). The effect of Internet security breach announcements on market value: capital market reaction for breached firms and Internet security developers. International Journal of Electronic Commerce, 9(1), 69–105.

  • Cavusoglu, H., Mishra, B., & Raghunathan, S. (2005). The value of intrusion detection systems in information technology security architecture. Information Systems Research, 16(1), 28–46.

  • Cavusoglu, H., Raghunathan, S., & Yue, W. T. (2008). Decision-theoretic and game-theoretic approaches to IT security investment. Journal of Management Information Systems, 25(2), 281–304.

  • Cavusoglu, H., Raghunathan, S., & Cavusoglu, H. (2009). Configuration of and interaction between information security technologies: the case of firewalls and intrusion detection systems. Information Systems Research, 20(2), 198–217.

  • Chai, S., Kim, M., & Rao, H. R. (2011). Firms’ information security investment decisions: stock market evidence of investors’ behavior. Decision Support Systems, 50(4), 651–661.

  • Clark, D. J., & Riis, C. (1998). Contest success functions: an extension. Economic Theory, 11(1), 201–204.

  • Cremonini, M., & Nizovtsev, D. (2009). Risks and benefits of signaling information system characteristics to strategic attackers. Journal of Management Information Systems, 26(3), 241–274.

  • D’Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Information Systems Research, 20(1), 79–98.

  • Dutta, A., & Mccrohan, K. (2002). Management’s role in information security in a cyber economy. California Management Review, 45(1), 67–87.

  • Galbreth, M. R., & Shor, M. (2010). The impact of malicious agents on the enterprise software industry. MIS Quarterly, 34(3), 595–612.

  • Gal-Or, E., & Ghose, A. (2003). The economic consequences of sharing security information. Proceedings of the Second Workshop on Economics and Information Security, University of Maryland.

  • Gal-Or, E., & Ghose, A. (2005). The economic incentives for sharing security information. Information Systems Research, 16(2), 186–208.

  • Gao, X., Zhong, W., & Mei, S. (2012a). On local stability of Cournot models with simultaneous and sequential decisions. Mathematical Social Sciences, 63(3), 207–212.

  • Gao, X., Zhong, W., Mei, S. (2012b). Stochastic evolutionary game dynamics and their selection mechanisms. Computational Economics, 41(2), 233–247.

  • Gordon, L. A., & Loeb, M. P. (2002). The economics of information security investment. ACM Transactions on Information and System Security, 5(4), 438–457.

  • Gordon, L. A., & Loeb, M. P. (2006). Economic aspects of information security: an emerging field of research. Information Systems Frontiers, 8(5), 335–337.

  • Gordon, L. A., Alumni, E. Y., Loeb, M. P., Lucyshyn, W. (2002). An economics perspective on the sharing of information related to security breaches: Concepts and empirical evidence. Workshop on Economics and Information Security, University of California, Berkeley.

  • Gordon, L. A., Loeb, M. P., & Lucyshyn, W. (2003a). Sharing information on computer systems security: an economic analysis. Journal of Accounting and Public Policy, 22(6), 461–485.

  • Gordon, L. A., Loeb, M. P., & Lucyshyn, W. (2003b). Information security expenditures and real options: a wait-and-see approach. Computer Security Journal, 19(2), 1–7.

  • Hahm, J. H., & Lee, S. (2011). Economic effects of positive credit information sharing: the case of Korea. Applied Economics, 43(30), 4879–4890.

  • Hamill, J. T., Deckro, R. F., & Kloeber, J. M., Jr. (2005). Evaluating information assurance strategies. Decision Support Systems, 39(3), 463–484.

  • Hare, F., & Goldstein, J. (2010). The interdependent security problem in the defense industrial base: an agent-based model on a social network. International Journal of Critical Infrastructure Protection, 3(3–4), 128–139.

  • Hausken, K. (2006a). Income, interdependence, and substitution effects affecting incentives for security investment. Journal of Accounting and Public Policy, 25(6), 629–665.

  • Hausken, K. (2006b). Returns to information security investment: the effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability. Information Systems Frontiers, 8(5), 338–349.

  • Hausken, K. (2007). Information sharing among firms and cyber attacks. Journal of Accounting and Public Policy, 26(6), 639–688.

  • Hausken, K. (2009). Strategic defense and attack of complex networks. International Journal of Performability Engineering, 5(1), 13–30.

  • Hausken, K. (2012). The economics of terrorism against two targets. Applied Economics Letters, 19(12), 1135–1138.

  • Heal, G., & Kunreuther, H. (2007). Modeling interdependent risks. Risk Analysis, 27(3), 621–634.

  • Herath, H., & Harath, T. (2009). Investments in information security: a real options perspective with Bayesian postaudit. Journal of Management Information Systems, 25(3), 337–375.

  • Huang, D., Qing, H., & Ravi, B. (2008). An economic analysis of the optimal information security investment in the case of a risk-averse firm. International Journal of Production Economics, 114(2), 793–804.

  • Kallberg, J. G., & Udell, G. F. (2003). The value of private sector business credit information sharing: the US case. Journal of Banking & Finance, 27(3), 449–469.

  • Kannan, K., & Telang, R. (2005). Market for software vulnerabilities? think again. Management Science, 51(5), 726–740.

  • Kim, S. H., Wang, Q., & Ulrich, J. B. (2012). A comparative study of cyberattacks. Communications of the ACM, 55(3), 66–73.

  • Kong, H. K., Kim, T. S., & Kim, J. (2012). An analysis on effects of information security investments: a BSC perspective. Journal of Intelligent Manufacturing, 23(4), 941–953.

  • Kshetri, N. (2006). The simple economics of cybercrimes. IEEE Security & Privacy, 4(1), 33–39.

  • Kshetri, N. (2009). Positive externality, increasing returns and the rise in cybercrimes. Communications of the ACM, 52(12), 141–144.

  • Kunreuther, H., & Heal, G. (2003). Interdependent security. Journal of Risk and Uncertainty, 26(2–3), 231–249.

  • Lee, M., & Lee, J. (2012). The impact of information security failure on customer behaviors: a study on a large-scale hacking incident on the Internet. Information Systems Frontiers, 14(2), 375–393.

  • Leeson, P., & Coyne, C. J. (2006). The economics of computer hacking. Journal of Law, Economics and Policy, 1(2), 511–532.

  • Leininger, W. (1993). More efficient rent-seeking: a Münchhausen solution. Public Choice, 75(1), 43–62.

  • Liu, D., Ji, Y., & Mookerjee, V. (2011). Knowledge sharing and investment decisions in information security. Decision Support Systems, 52(1), 95–107.

  • Mookerjee, V., Mookerjee, R., Bensoussan, A., & Yue, W. T. (2011). When hackers talk: managing information security under variable attack rates and knowledge dissemination. Information Systems Research, 22(3), 606–623.

  • Pardo, T. A., Cresswell, A. M., Thompson, F., & Zhang, J. (2006). Knowledge sharing in cross-boundary information system development in the public sector. Information Technology and Management, 7(4), 293–313.

  • Png, I. P. L., Wang, C. Y., & Wang, Q. H. (2008). The deterrent and displacement effects of information security enforcement: international evidence. Journal of Management Information Systems, 25(2), 125–144.

  • Ryan, J. C. H., & Ryan, D. J. (2006). Expected benefits of information security investments. Computers & Security, 25(8), 579–588.

  • Skaperdas, S. (1996). Contest success functions. Economic Theory, 7(2), 283–290.

  • Tanaka, H., Matsuura, K., & Sudoh, O. (2005). Vulnerability and information security investment: an empirical analysis of e-local government in Japan. Journal of Accounting and Public Policy, 24(1), 37–59.

  • Telang, R., & Wattal, S. (2007). An empirical analysis of the impact of software vulnerability announcements on firm stock price. IEEE Transactions on Software Engineering, 33(8), 544–557.

  • Ulvila, J. W., & Gaffney, J. E. (2004). A decision analysis method for evaluating computer intrusion detection systems. Decision Analysis, 1(1), 35–50.

  • Wang, J., Chaudhury, A., & Rao, H. R. (2008). A value-at-risk approach to information security investment. Information Systems Research, 19(1), 2008.

  • Whitman, M. E. (2003). Enemy at the gate: threats to information security. Communications of the ACM, 46(8), 91–95.

  • Young, R., Zhang, L., & Prybutoka, V. R. (2007). Hacking into the minds of hackers. Information Systems Management, 24(4), 281–287.

  • Zhang, R. (2011). The role of information sharing in trade credit distribution: evidence from Thailand. Asian-Pacific Economic Literature, 25(1), 133–149.

  • Zhao, X., Fang, F., & Whinston, A. B. (2008). An economic mechanism for better Internet security. Decision Support Systems, 45(4), 811–821.

  • Zhuang, J. (2010). Impacts of subsidized security on stability and total social costs of equilibrium solutions in an n-player game with errors. The Engineering Economist, 55(2), 131–149.

  • Zhuang, J., Bier, V. M., & Gupta, A. (2007). Subsidies in interdependent security with heterogeneous discount rates. The Engineering Economist, 52(1), 1–19.

Acknowledgments

We wish to thank the anonymous referees for constructive and informative comments that helped substantially improve the presentation of this manuscript. Financial support from the National Natural Science Foundation of China (71071033) and the National Pillar Program of China (2012BAH29F01) is gratefully acknowledged.

Author information

Corresponding author

Correspondence to Xing Gao.

Appendices

Appendix A. Firms choose security investment and information sharing

The firm’s and the hacker’s expected utilities are respectively

$$ \begin{array}{*{20}c} {{F_1}=\left[ {{v_1}-s\left( {{v_1},z_1^a,c_1^a} \right)} \right]{L_1}-{z_1}-\left( {{\kappa_1}s_1^2-{\kappa_2}s_2^2-{\kappa_3}{s_1}{s_2}} \right)} \\ {{F_2}=\left[ {{v_2}-s\left( {{v_2},z_2^a,c_2^a} \right)} \right]{L_2}-{z_2}-\left( {{\kappa_1}s_2^2-{\kappa_2}s_1^2-{\kappa_3}{s_1}{s_2}} \right)} \\ {H=\left[ {s\left( {{v_1},z_1^a,c_1^a} \right)-{v_1}} \right]{H_1}+\left[ {s\left( {{v_2},z_2^a,c_2^a} \right)-{v_2}} \right]{H_2}-{c_1}-{c_2}} \\ \end{array} $$

where \( s\left( {{v_1},z_1^a,c_1^a} \right)={v_1}{{\left( {\gamma c_1^a+1} \right)}^{\phi }}{{\left( {\alpha z_1^a+1} \right)}^{{-\beta }}} \), \( s\left( {{v_2},z_2^a,c_2^a} \right)={v_2}{{\left( {\gamma c_2^a+1} \right)}^{\phi }}{{\left( {\alpha z_2^a+1} \right)}^{{-\beta }}} \), \( c_1^a={c_1}+\rho {c_2} \), \( z_1^a={z_1}+\eta {s_2}+\rho \left( {{z_2}+\eta {s_1}} \right) \) and \( c_2^a={c_2}+\rho {c_1} \), \( z_2^a={z_2}+\eta {s_1}+\rho \left( {{z_1}+\eta {s_2}} \right) \).

The first order conditions are given by

$$ \begin{array}{*{20}c} {\partial {F_1}/\partial {z_1}=\alpha \beta {v_1}{L_1}{{{\left( {\gamma c_1^a+1} \right)}}^{\phi }}{{{\left( {\alpha z_1^a+1} \right)}}^{{-\beta -1}}}-1=0} \hfill \\ {\partial {F_2}/\partial {z_2}=\alpha \beta {v_2}{L_2}{{{\left( {\gamma c_2^a+1} \right)}}^{\phi }}{{{\left( {\alpha z_2^a+1} \right)}}^{{-\beta -1}}}-1=0} \hfill \\ \end{array} $$
(A1)
$$ \begin{array}{*{20}c} {\partial {F_1}/\partial {s_1}=\alpha \beta {v_1}{L_1}\rho \eta {{{\left( {\gamma c_1^a+1} \right)}}^{\phi }}{{{\left( {\alpha z_1^a+1} \right)}}^{{-\beta -1}}}-2{\kappa_1}{s_1}+{\kappa_3}{s_2}=0} \hfill \\ {\partial {F_2}/\partial {s_2}=\alpha \beta {v_2}{L_2}\rho \eta {{{\left( {\gamma c_2^a+1} \right)}}^{\phi }}{{{\left( {\alpha z_2^a+1} \right)}}^{{-\beta -1}}}-2{\kappa_1}{s_2}+{\kappa_3}{s_1}=0} \hfill \\ \end{array} $$
(A2)
$$ \begin{array}{*{20}c} {\partial H/\partial {c_1}=\gamma \phi {v_1}{H_1}{{{\left( {\gamma c_1^a+1} \right)}}^{{\phi -1}}}{{{\left( {\alpha z_1^a+1} \right)}}^{{-\beta }}}+\rho \gamma \phi {v_2}{H_2}{{{\left( {\gamma c_2^a+1} \right)}}^{{\phi -1}}}{{{\left( {\alpha z_2^a+1} \right)}}^{{-\beta }}}-1=0} \hfill \\ {\partial H/\partial {c_2}=\gamma \phi {v_2}{H_2}{{{\left( {\gamma c_2^a+1} \right)}}^{{\phi -1}}}{{{\left( {\alpha z_2^a+1} \right)}}^{{-\beta }}}+\rho \gamma \phi {v_1}{H_1}{{{\left( {\gamma c_1^a+1} \right)}}^{{\phi -1}}}{{{\left( {\alpha z_1^a+1} \right)}}^{{-\beta }}}-1=0} \hfill \\ \end{array} $$
(A3)

Substituting (A1) into (A2) yields

$$ {s_1}={s_2}=\rho \eta {{\left( {2{\kappa_1}-{\kappa_3}} \right)}^{-1 }}. $$

(A3) gives

$$ \gamma \phi {v_1}{H_1}{{\left( {\gamma c_1^a+1} \right)}^{{\phi -1}}}{{\left( {\alpha z_1^a+1} \right)}^{{-\beta }}}=\gamma \phi {v_2}{H_2}{{\left( {\gamma c_2^a+1} \right)}^{{\phi -1}}}{{\left( {\alpha z_2^a+1} \right)}^{{-\beta }}}={{\left( {1+\rho } \right)}^{-1 }} $$
(A4)

which, together with (A1), implies

$$ \begin{array}{*{20}c} {\gamma c_1^a+1={{{\left( {{v_1}L_1^{{-\beta }}H_1^{{1+\beta }}{{{\left( {\alpha \beta } \right)}}^{{-\beta }}}{{{\left[ {\gamma \phi \left( {1+\rho } \right)} \right]}}^{{1+\beta }}}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \hfill \\ {\gamma c_2^a+1={{{\left( {{v_2}L_2^{{-\beta }}H_2^{{1+\beta }}{{{\left( {\alpha \beta } \right)}}^{{-\beta }}}{{{\left[ {\gamma \phi \left( {1+\rho } \right)} \right]}}^{{1+\beta }}}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \hfill \\ \end{array} $$
(A5)
$$ \begin{array}{*{20}c} {\alpha z_1^a+1={{{\left( {{v_1}L_1^{{1-\phi }}H_1^{\phi }{{{\left( {\alpha \beta } \right)}}^{{1-\phi }}}{{{\left[ {\gamma \phi \left( {1+\rho } \right)} \right]}}^{\phi }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \hfill \\ {\alpha z_2^a+1={{{\left( {{v_2}L_2^{{1-\phi }}H_2^{\phi }{{{\left( {\alpha \beta } \right)}}^{{1-\phi }}}{{{\left[ {\gamma \phi \left( {1+\rho } \right)} \right]}}^{\phi }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \hfill \\ \end{array} $$
(A6)

It follows from (A4) and (A5) that

$$ \begin{array}{*{20}c} {{c_1}={{{\left( {{{{\left( {\alpha \beta } \right)}}^{{-\beta }}}{{{\left[ {\gamma \phi \left( {1+\rho } \right)} \right]}}^{{1+\beta }}}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}\left[ {{{{\left( {{v_1}L_1^{{-\beta }}H_1^{{1+\beta }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}-\rho {{{\left( {{v_2}L_2^{{-\beta }}H_2^{{1+\beta }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \right]{{{\left[ {\gamma \left( {1-{\rho^2}} \right)} \right]}}^{-1 }}-{{{\left[ {\gamma \left( {1+\rho } \right)} \right]}}^{-1 }}} \hfill \\ {{c_2}={{{\left( {{{{\left( {\alpha \beta } \right)}}^{{-\beta }}}{{{\left[ {\gamma \phi \left( {1+\rho } \right)} \right]}}^{{1+\beta }}}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}\left[ {{{{\left( {{v_2}L_2^{{-\beta }}H_2^{{1+\beta }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}-\rho {{{\left( {{v_1}L_1^{{-\beta }}H_1^{{1+\beta }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \right]{{{\left[ {\gamma \left( {1-{\rho^2}} \right)} \right]}}^{-1 }}-{{{\left[ {\gamma \left( {1+\rho } \right)} \right]}}^{-1 }}} \hfill \\ \end{array} $$
(A7)
$$ \begin{array}{*{20}c} {{z_1}={{{\left( {{{{\left( {\alpha \beta } \right)}}^{{1-\phi }}}{{{\left[ {\gamma \phi \left( {1+\rho } \right)} \right]}}^{\phi }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}\left[ {{{{\left( {{v_1}L_1^{{1-\phi }}H_1^{\phi }} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}-\rho {{{\left( {{v_2}L_2^{{1-\phi }}H_2^{\phi }} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \right]{{{\left[ {\alpha \left( {1-{\rho^2}} \right)} \right]}}^{-1 }}-{{{\left[ {\alpha \left( {1+\rho } \right)} \right]}}^{-1 }}-\eta {s_2}} \hfill \\ {{z_2}={{{\left( {{{{\left( {\alpha \beta } \right)}}^{{1-\phi }}}{{{\left[ {\gamma \phi \left( {1+\rho } \right)} \right]}}^{\phi }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}\left[ {{{{\left( {{v_2}L_2^{{1-\phi }}H_2^{\phi }} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}-\rho {{{\left( {{v_1}L_1^{{1-\phi }}H_1^{\phi }} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \right]{{{\left[ {\alpha \left( {1-{\rho^2}} \right)} \right]}}^{-1 }}-{{{\left[ {\alpha \left( {1+\rho } \right)} \right]}}^{-1 }}-\eta {s_1}} \hfill \\ \end{array} $$
(A8)

We now validate the second order conditions of the equilibrium. Noting the first order conditions (A1) and (A2), one can easily get at equilibrium

$$ \begin{array}{*{20}c} {{\partial^2}{F_1}/\partial z_1^2=-\alpha \left( {\beta +1} \right){{{\left( {\alpha z_1^a+1} \right)}}^{-1 }} < 0} \hfill \\ {{\partial^2}{F_1}/\partial s_1^2=-\alpha \rho \eta \left( {\beta +1} \right)\left( {2{\kappa_1}{s_1}-{\kappa_3}{s_2}} \right){{{\left( {\alpha z_1^a+1} \right)}}^{-1 }}-2{\kappa_1} < 0} \hfill \\ {{\partial^2}{F_1}/\partial {z_1}\partial {s_1}=-\alpha \rho \eta \left( {\beta +1} \right){{{\left( {\alpha z_1^a+1} \right)}}^{-1 }}} \hfill \\ \end{array} $$

and further

$$ \begin{array}{*{20}c} {\left[ {{\partial^2}{F_1}/\partial z_1^2} \right]\left[ {{\partial^2}{F_1}/\partial s_1^2} \right]-{{{\left[ {{\partial^2}{F_1}/\partial {z_1}\partial {s_1}} \right]}}^2}} \hfill \\ {={\alpha^2}{{{\left( {1+\beta } \right)}}^2}\left[ {\rho \eta \left( {2{\kappa_1}{s_1}-{\kappa_3}{s_2}} \right)-{\rho^2}{\eta^2}} \right]{{{\left( {\alpha z_1^a+1} \right)}}^{-2 }}+2{\kappa_1}\alpha \left( {1+\beta } \right){{{\left( {\alpha z_1^a+1} \right)}}^{-1 }} > 0} \hfill \\ \end{array} $$

for appropriate interdependence \( \rho \). Therefore, the second order condition for \( F_1 \) is satisfied. Analogously, the second order condition for \( F_2 \) can be validated.

Noting the first order condition (A4), one can get

$$ \begin{array}{*{20}c} {{\partial^2}H/\partial c_1^2=\gamma \left( {\phi -1} \right){{{\left( {1+\rho } \right)}}^{-1 }}\left[ {{{{\left( {\gamma c_1^a+1} \right)}}^{-1 }}+{\rho^2}{{{\left( {\gamma c_2^a+1} \right)}}^{-1 }}} \right]\leq 0} \hfill \\ {{\partial^2}H/\partial c_2^2=\gamma \left( {\phi -1} \right){{{\left( {1+\rho } \right)}}^{-1 }}\left[ {{{{\left( {\gamma c_2^a+1} \right)}}^{-1 }}+{\rho^2}{{{\left( {\gamma c_1^a+1} \right)}}^{-1 }}} \right]\leq 0} \hfill \\ {{\partial^2}H/\partial {c_1}\partial {c_2}=\gamma \rho \left( {\phi -1} \right){{{\left( {1+\rho } \right)}}^{-1 }}\left[ {{{{\left( {\gamma c_1^a+1} \right)}}^{-1 }}+{{{\left( {\gamma c_2^a+1} \right)}}^{-1 }}} \right]} \hfill \\ \end{array} $$

and further

$$ \begin{array}{*{20}c} {\left[ {{\partial^2}H/\partial c_1^2} \right]\left[ {{\partial^2}H/\partial c_2^2} \right]-{{{\left[ {{\partial^2}H/\partial {c_1}\partial {c_2}} \right]}}^2}} \hfill \\ {={\gamma^2}{{{\left( {\phi -1} \right)}}^2}{{{\left( {\gamma c_1^a+1} \right)}}^{-1 }}{{{\left( {\gamma c_2^a+1} \right)}}^{-1 }}{{{\left( {1+\rho } \right)}}^{-2 }}\left( {1+{\rho^4}-2{\rho^2}} \right)\geq 0} \hfill \\ \end{array} $$

for appropriate interdependence \( \rho \). Hence, the second order condition for \( H \) is satisfied as well.

Appendix B. The social planner only controls security investment

When only security investment is controlled by the social planner, (A2) and (A3) remain valid. (A1) becomes

$$ \begin{array}{*{20}c} {\partial F/\partial {z_1}=\alpha \beta {v_1}{L_1}{{{\left( {\gamma c_1^a+1} \right)}}^{\phi }}{{{\left( {\alpha z_1^a+1} \right)}}^{{-\beta -1}}}+\rho \alpha \beta {v_2}{L_2}{{{\left( {\gamma c_2^a+1} \right)}}^{\phi }}{{{\left( {\alpha z_2^a+1} \right)}}^{{-\beta -1}}}-1=0} \hfill \\ {\partial F/\partial {z_2}=\rho \alpha \beta {v_1}{L_1}{{{\left( {\gamma c_1^a+1} \right)}}^{\phi }}{{{\left( {\alpha z_1^a+1} \right)}}^{{-\beta -1}}}+\alpha \beta {v_2}{L_2}{{{\left( {\gamma c_2^a+1} \right)}}^{\phi }}{{{\left( {\alpha z_2^a+1} \right)}}^{{-\beta -1}}}-1=0} \hfill \\ \end{array} $$

which implies

$$ \alpha \beta {v_1}{L_1}{{\left( {\gamma c_1^a+1} \right)}^{\phi }}{{\left( {\alpha z_1^a+1} \right)}^{{-\beta -1}}}=\alpha \beta {v_2}{L_2}{{\left( {\gamma c_2^a+1} \right)}^{\phi }}{{\left( {\alpha z_2^a+1} \right)}^{{-\beta -1}}}={{\left( {1+\rho } \right)}^{-1 }}. $$
(B1)

Substituting (B1) into (A2) results in

$$ {s_1}={s_2}=\rho \eta {{\left[ {\left( {1+\rho } \right)\left( {2{\kappa_1}-{\kappa_3}} \right)} \right]}^{-1 }}. $$

Combining (B1) with (A4) gives

$$ \begin{array}{*{20}c} {\gamma c_1^a+1={{{\left( {{v_1}L_1^{{-\beta }}H_1^{{1+\beta }}\left( {1+\rho } \right){{{\left( {\alpha \beta } \right)}}^{{-\beta }}}{{{\left( {\gamma \phi } \right)}}^{{1+\beta }}}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \hfill \\ {\gamma c_2^a+1={{{\left( {{v_2}L_2^{{-\beta }}H_2^{{1+\beta }}\left( {1+\rho } \right){{{\left( {\alpha \beta } \right)}}^{{-\beta }}}{{{\left( {\gamma \phi } \right)}}^{{1+\beta }}}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \hfill \\ \end{array} $$
(B2)
$$ \begin{array}{*{20}c} {\alpha z_1^a+1={{{\left( {{v_1}L_1^{{1-\phi }}H_1^{\phi}\left( {1+\rho } \right){{{\left( {\alpha \beta } \right)}}^{{1-\phi }}}{{{\left( {\gamma \phi } \right)}}^{\phi }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \hfill \\ {\alpha z_2^a+1={{{\left( {{v_2}L_2^{{1-\phi }}H_2^{\phi}\left( {1+\rho } \right){{{\left( {\alpha \beta } \right)}}^{{1-\phi }}}{{{\left( {\gamma \phi } \right)}}^{\phi }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \hfill \\ \end{array} $$
(B3)

It follows from (B2) and (B3) that

$$ \begin{array}{*{20}c} {{c_1}={{{\left( {\left( {1+\rho } \right){{{\left( {\alpha \beta } \right)}}^{{-\beta }}}{{{\left( {\gamma \phi } \right)}}^{{1+\beta }}}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}\left[ {{{{\left( {{v_1}L_1^{{-\beta }}H_1^{{1+\beta }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}-\rho {{{\left( {{v_2}L_2^{{-\beta }}H_2^{{1+\beta }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \right]{{{\left[ {\gamma \left( {1-{\rho^2}} \right)} \right]}}^{-1 }}-{{{\left[ {\gamma \left( {1+\rho } \right)} \right]}}^{-1 }}} \hfill \\ {{c_2}={{{\left( {\left( {1+\rho } \right){{{\left( {\alpha \beta } \right)}}^{{-\beta }}}{{{\left( {\gamma \phi } \right)}}^{{1+\beta }}}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}\left[ {{{{\left( {{v_2}L_2^{{-\beta }}H_2^{{1+\beta }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}-\rho {{{\left( {{v_1}L_1^{{-\beta }}H_1^{{1+\beta }}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \right]{{{\left[ {\gamma \left( {1-{\rho^2}} \right)} \right]}}^{-1 }}-{{{\left[ {\gamma \left( {1+\rho } \right)} \right]}}^{-1 }}} \hfill \\ \end{array} $$
(B4)
$$ \begin{array}{*{20}c} {{z_1}={{{\left( {\left( {1+\rho } \right){{{\left( {\alpha \beta } \right)}}^{{-\beta }}}{{{\left( {\gamma \phi } \right)}}^{{1+\beta }}}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}\left[ {{{{\left( {{v_1}L_1^{{1-\phi }}H_1^{\phi }} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}-\rho {{{\left( {{v_2}L_2^{{1-\phi }}H_2^{\phi }} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \right]{{{\left[ {\alpha \left( {1-{\rho^2}} \right)} \right]}}^{-1 }}-{{{\left[ {\alpha \left( {1+\rho } \right)} \right]}}^{-1 }}-\eta {s_2}} \hfill \\ {{z_2}={{{\left( {\left( {1+\rho } \right){{{\left( {\alpha \beta } \right)}}^{{-\beta }}}{{{\left( {\gamma \phi } \right)}}^{{1+\beta }}}} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}\left[ {{{{\left( {{v_2}L_2^{{1-\phi }}H_2^{\phi }} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}-\rho {{{\left( {{v_1}L_1^{{1-\phi }}H_1^{\phi }} \right)}}^{{\frac{1}{{1+\beta -\phi }}}}}} \right]{{{\left[ {\alpha \left( {1-{\rho^2}} \right)} \right]}}^{-1 }}-{{{\left[ {\alpha \left( {1+\rho } \right)} \right]}}^{-1 }}-\eta {s_1}} \hfill \\ \end{array} $$
(B5)

Now, consider the second order conditions at equilibrium. In a similar way, we can obtain \( {\partial^2}{F_1}/\partial s_1^2 <0\;\mathrm{and}\;{\partial^2}{F_2}/\partial s_2^2<0 \).

Given (B1), it is easy to derive that

$$ \begin{array}{*{20}c} {{\partial^2}F/\partial z_1^2=-\alpha \left( {1+\beta } \right){{{\left( {1+\rho } \right)}}^{-1 }}\left[ {{{{\left( {\alpha z_1^a+1} \right)}}^{-1 }}+{\rho^2}{{{\left( {\alpha z_2^a+1} \right)}}^{-1 }}} \right]<0} \hfill \\ {{\partial^2}F/\partial z_2^2=-\alpha \left( {1+\beta } \right){{{\left( {1+\rho } \right)}}^{-1 }}\left[ {{{{\left( {\alpha z_2^a+1} \right)}}^{-1 }}+{\rho^2}{{{\left( {\alpha z_1^a+1} \right)}}^{-1 }}} \right]<0} \hfill \\ {{\partial^2}F/\partial {z_1}\partial {z_2}=-\alpha \rho \left( {1+\beta } \right){{{\left( {1+\rho } \right)}}^{-1 }}\left[ {{{{\left( {\alpha z_1^a+1} \right)}}^{-1 }}+{{{\left( {\alpha z_2^a+1} \right)}}^{-1 }}} \right]} \hfill \\ \end{array} $$

and

$$ \begin{array}{*{20}c} {\left[ {{\partial^2}F/\partial z_1^2} \right]\left[ {{\partial^2}F/\partial z_2^2} \right]-{{{\left[ {{\partial^2}F/\partial {z_1}\partial {z_2}} \right]}}^2}} \hfill \\ {={\alpha^2}{{{\left( {1+\beta } \right)}}^2}{{{\left( {\alpha z_1^a+1} \right)}}^{-1 }}{{{\left( {\alpha z_2^a+1} \right)}}^{-1 }}{{{\left( {1+\rho } \right)}}^{-2 }}\left( {1+{\rho^4}-2{\rho^2}} \right)>0} \hfill \\ \end{array}. $$

Analogously, the second order condition for H can be validated.

Appendix C. The social planner just controls information sharing

When only information sharing is controlled by the social planner, (A1) and (A3) remain valid. (A2) becomes

$$ \begin{array}{*{20}c} {\partial F/\partial {s_1}=\rho \alpha \beta {v_1}{L_1}\eta {{{\left( {\gamma c_1^a+1} \right)}}^{\phi }}{{{\left( {\alpha z_1^a+1} \right)}}^{{-\beta -1}}}+\alpha \beta {v_2}{L_2}\eta {{{\left( {\gamma c_2^a+1} \right)}}^{\phi }}{{{\left( {\alpha z_2^a+1} \right)}}^{{-\beta -1}}}} \hfill \\ {\quad \quad \quad \quad \quad \quad \quad \quad \quad \quad \quad \quad \quad -2\left( {{\kappa_1}-{\kappa_2}} \right){s_1}+2{\kappa_3}{s_2}=0} \hfill \\ {\partial F/\partial {s_2}=\alpha \beta {v_1}{L_1}\eta {{{\left( {\gamma c_1^a+1} \right)}}^{\phi }}{{{\left( {\alpha z_1^a+1} \right)}}^{{-\beta -1}}}+\rho \alpha \beta {v_2}{L_2}\eta {{{\left( {\gamma c_2^a+1} \right)}}^{\phi }}{{{\left( {\alpha z_2^a+1} \right)}}^{{-\beta -1}}}} \hfill \\ {\quad \quad \quad \quad \quad \quad \quad \quad \quad \quad \quad \quad \quad -2\left( {{\kappa_1}-{\kappa_2}} \right){s_2}+2{\kappa_3}{s_1}=0} \hfill \\ \end{array} $$
(C1)

Substituting (A1) into (C1) gives

$$ {s_1}={s_2}=\eta \left( {1+\rho } \right){{\left[ {2\left( {{\kappa_1}-{\kappa_2}-{\kappa_3}} \right)} \right]}^{-1 }}. $$

Aggregate defense and aggregate attack are derived from (A1) and (A3), both of which remain unchanged. Hence, security investment and cyber attacks are given by (A7) and (A8) respectively after substituting \( s_1 \) and \( s_2 \).

Noting (A1), we have

$$ \begin{array}{*{20}c} {{\partial^2}F/\partial s_1^2=-\alpha {\eta^2}\left( {1+\beta } \right)\left[ {{\rho^2}{{{\left( {\alpha z_1^a+1} \right)}}^{-1 }}+{{{\left( {\alpha z_2^a+1} \right)}}^{-1 }}} \right]-2\left( {{\kappa_1}-{\kappa_2}} \right)<0} \hfill \\ {{\partial^2}F/\partial s_2^2=-\alpha {\eta^2}\left( {1+\beta } \right)\left[ {{{{\left( {\alpha z_1^a+1} \right)}}^{-1 }}+{\rho^2}{{{\left( {\alpha z_2^a+1} \right)}}^{-1 }}} \right]-2\left( {{\kappa_1}-{\kappa_2}} \right)<0} \hfill \\ {{\partial^2}F/\partial {s_1}\partial {s_2}=-\alpha \rho {\eta^2}\left( {1+\beta } \right)\left[ {{{{\left( {\alpha z_1^a+1} \right)}}^{-1 }}+{{{\left( {\alpha z_2^a+1} \right)}}^{-1 }}} \right]+2{\kappa_3}} \hfill \\ \end{array} $$

and

$$
\begin{aligned}
&\left[ \partial^2 F/\partial s_1^2 \right] \left[ \partial^2 F/\partial s_2^2 \right] - \left[ \partial^2 F/\partial s_1 \partial s_2 \right]^2 \\
&= 2\alpha \eta^2 \left( 1+\beta \right) \left[ \left( \kappa_1-\kappa_2 \right) \left( 1+\rho^2 \right) + 2\kappa_3 \rho \right] \left[ \left( \alpha z_1^a+1 \right)^{-1} + \left( \alpha z_2^a+1 \right)^{-1} \right] \\
&\quad + \alpha^2 \eta^4 \left( 1+\beta \right)^2 \left( 1-\rho^2 \right)^2 \left( \alpha z_1^a+1 \right)^{-1} \left( \alpha z_2^a+1 \right)^{-1} + 4\left[ \left( \kappa_1-\kappa_2 \right)^2 - \kappa_3^2 \right] > 0
\end{aligned}
$$

for appropriate interdependence \( \rho \) since \( \kappa_1 \geq \kappa_2 + \kappa_3 \). It is obvious that \( {\partial^2}{F_1}/\partial z_1^2<0 \) and \( {\partial^2}{F_2}/\partial z_2^2<0 \). As above, the second order condition for H can be validated in the same way.

Appendix D. The social planner controls both security investment and information sharing

When the social planner controls security investment and information sharing, (B1), (C1) as well as (A4) are valid. Substituting (B1) into (C1) yields

$$ {s_1}={s_2}=\eta {{\left[ {2\left( {{\kappa_1}-{\kappa_2}-{\kappa_3}} \right)} \right]}^{-1 }}. $$

Aggregate defense and aggregate attack in this case are equal to those when the social planner controls only security investment, which are determined by (B1) and (A4). The security investment and cyber attacks can be obtained similarly, as shown in (B4) and (B5) with \( s_1 \) and \( s_2 \) replaced. The second order condition for the social planner is satisfied if the following symmetric matrix is negative definite,

$$
J\left( \rho \right) = \begin{pmatrix}
\partial^2 F/\partial z_1^2 & \partial^2 F/\partial z_1 \partial z_2 & \partial^2 F/\partial z_1 \partial s_1 & \partial^2 F/\partial z_1 \partial s_2 \\
\partial^2 F/\partial z_2 \partial z_1 & \partial^2 F/\partial z_2^2 & \partial^2 F/\partial z_2 \partial s_1 & \partial^2 F/\partial z_2 \partial s_2 \\
\partial^2 F/\partial s_1 \partial z_1 & \partial^2 F/\partial s_1 \partial z_2 & \partial^2 F/\partial s_1^2 & \partial^2 F/\partial s_1 \partial s_2 \\
\partial^2 F/\partial s_2 \partial z_1 & \partial^2 F/\partial s_2 \partial z_2 & \partial^2 F/\partial s_2 \partial s_1 & \partial^2 F/\partial s_2^2
\end{pmatrix}
$$

where

$$
\begin{aligned}
\partial^2 F/\partial z_1 \partial s_1 &= -\alpha \rho \eta \left( 1+\beta \right) \left( 1+\rho \right)^{-1} \left[ \left( \alpha z_1^a+1 \right)^{-1} + \left( \alpha z_2^a+1 \right)^{-1} \right] \\
\partial^2 F/\partial z_1 \partial s_2 &= -\alpha \eta \left( 1+\beta \right) \left( 1+\rho \right)^{-1} \left[ \left( \alpha z_1^a+1 \right)^{-1} + \rho^2 \left( \alpha z_2^a+1 \right)^{-1} \right] \\
\partial^2 F/\partial z_2 \partial s_1 &= -\alpha \eta \left( 1+\beta \right) \left( 1+\rho \right)^{-1} \left[ \rho^2 \left( \alpha z_1^a+1 \right)^{-1} + \left( \alpha z_2^a+1 \right)^{-1} \right] \\
\partial^2 F/\partial z_2 \partial s_2 &= -\rho \alpha \eta \left( 1+\beta \right) \left[ \left( \alpha z_1^a+1 \right)^{-1} + \left( \alpha z_2^a+1 \right)^{-1} \right]
\end{aligned}
$$

and the other partial derivatives are equal to the preceding ones after substituting the aggregate defense and aggregate attack obtained here. Exchanging the second and the fourth rows and simultaneously exchanging the second and the fourth columns of \( J(0) \) yields

$$
\widehat{J}(0) = \begin{pmatrix}
A & O_{2\times 2} \\
O_{2\times 2} & B
\end{pmatrix},
$$

where \( O_{2\times 2} \) is the zero matrix,

$$
A = \alpha \left( 1+\beta \right) \left( \alpha z_1^a+1 \right)^{-1} \begin{pmatrix}
-1 & -\eta \\
-\eta & -1
\end{pmatrix}
$$

and

$$
B = \begin{pmatrix}
-\alpha \eta^2 \left( 1+\beta \right) \left( \alpha z_2^a+1 \right)^{-1} - 2\left( \kappa_1-\kappa_2 \right) & 2\kappa_3 \\
2\kappa_3 & -\alpha \eta^2 \left( 1+\beta \right) \left( \alpha z_1^a+1 \right)^{-1} - 2\left( \kappa_1-\kappa_2 \right)
\end{pmatrix}
$$

Obviously, A has two negative eigenvalues. Since

$$
\begin{aligned}
\det B &= \left[ \alpha \eta^2 \left( 1+\beta \right) \left( \alpha z_2^a+1 \right)^{-1} + 2\left( \kappa_1-\kappa_2 \right) \right] \left[ \alpha \eta^2 \left( 1+\beta \right) \left( \alpha z_1^a+1 \right)^{-1} + 2\left( \kappa_1-\kappa_2 \right) \right] - 4\kappa_3^2 \\
&> 4\left[ \left( \kappa_1-\kappa_2 \right)^2 - \kappa_3^2 \right] \geq 0,
\end{aligned}
$$

and tr(B) < 0, the symmetric matrix B also has two negative eigenvalues. Therefore, all eigenvalues of \( \widehat{J}(0) \) are negative, which implies that \( J(0) \) is negative definite since \( J(0) \) and \( \widehat{J}(0) \) have the same eigenvalues. By the continuity of \( J(\rho) \) with respect to \( \rho \), \( J(\rho) \) is negative definite for \( \rho \) with a small magnitude (for any non-zero vector \( X \), \( X^{T}J(0)X > 0 \Rightarrow X^{T}J(\rho)X > 0 \) as long as the magnitude of \( \rho \) is small). The second order condition for the hacker can be validated similarly.
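
The eigenvalue claims for A and B above, written out as an added derivation that is not part of the original paper. The shorthand \( \mu \), \( d_i \) and \( k \) is introduced here, and \( \mu>0 \), \( d_i>0 \), \( 0<\eta<1 \) and \( \kappa_3\geq 0 \) are assumptions about the model parameters that this appendix does not restate.

$$ \mu=\alpha \left( 1+\beta \right) \left( \alpha z_1^a+1 \right)^{-1},\qquad d_i=\alpha \eta^2 \left( 1+\beta \right) \left( \alpha z_i^a+1 \right)^{-1},\qquad k=\kappa_1-\kappa_2 . $$

For A, the characteristic equation gives both eigenvalues directly, and they are negative exactly when \( \eta<1 \):

$$ \det \left( A-\lambda I \right)=\left( \mu+\lambda \right)^2-\mu^2\eta^2=0\quad \Rightarrow \quad \lambda=-\mu \left( 1-\eta \right)\ \text{or}\ \lambda=-\mu \left( 1+\eta \right). $$

For B, expanding the determinant shows where the strict inequality comes from, with \( k\geq \kappa_3\geq 0 \) following from \( \kappa_1\geq \kappa_2+\kappa_3 \):

$$ \det B=\left( d_2+2k \right)\left( d_1+2k \right)-4\kappa_3^2=d_1d_2+2k\left( d_1+d_2 \right)+4\left( k^2-\kappa_3^2 \right)>4\left( k^2-\kappa_3^2 \right)\geq 0. $$

Since B is a symmetric \( 2\times 2 \) matrix with eigenvalues \( \lambda_1,\lambda_2 \),

$$ \lambda_1\lambda_2=\det B>0,\qquad \lambda_1+\lambda_2=\operatorname{tr}(B)=-\left( d_1+d_2 \right)-4k<0\quad \Rightarrow \quad \lambda_1<0,\ \lambda_2<0. $$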

Cite this article

Gao, X., Zhong, W. & Mei, S. Security investment and information sharing under an alternative security breach probability function. Inf Syst Front 17, 423–438 (2015). https://doi.org/10.1007/s10796-013-9411-3

  • DOI: https://doi.org/10.1007/s10796-013-9411-3
