In this paper, I model the interaction of an information system, its users, and its attackers as an ecological system with three populations. I model the relationship between users and the system as an obligate mutualism and the relationship between the system and the attackers as a predator-prey relationship. Sensitivity analysis on a numerical example suggests that the model is consistent with expectations of economic reality. Critical point analysis suggests that defenses that reduce the reward to attackers are superior to those that reduce damage to assets.
"Predator-prey / Obligate Mutualism in Information System Security and Usage,"
Journal of Information Technology Theory and Application (JITTA): Vol. 18
, Article 2.
Available at: http://aisel.aisnet.org/jitta/vol18/iss1/2