A Decision Framework For Evaluating Information Risk: Game Theory Perspective

Most of the methods evolving from computer science, scuffle to consider the ambivalence factors in risk evaluation such as human errors and intentions. Thus to compute the magnitude of risk for evaluation of rational influences should also be taken into consideration to make a good decision. Game Theory is a practical approach to decision making in such scenarios and conditions. This gives the flexibility to quantify the value of risk and also to analyze all the actions that an attacker can take against the defender. This will help us examine the behavior of an attacker also, the impact and consequences; henceforth will improve our decision making process. In this paper, we have explained how Game Theory can be amalgamated with different fields like Mathematics, Computer Science and Sociology to evaluate information risk. We have described the game theoretical model that adopts various well known strategic games to serve at the different stages in enterprise risk evaluation depicting the entities involved in the process as players with certain action sets and associated payoffs or utilities. Index Terms— Decision Making, Events, Game Theory, Information Risk, Risk Evaluation