Jonathan Spring is a member of the technical staff with the CERT Threat Analysis Group of the Software Engineering Institute, Carnegie Mellon University. He began working for the CERT program in 2009. He is the co-author of an information security textbook, “Introduction to Information Security: A Strategic-Based Approach,” and also serves as an adjunct professor at the University of Pittsburgh’s School of Information Sciences.
His research topics include monitoring cloud computing, DNS traffic analysis, and game theory. He holds a Master’s degree in information security and a Bachelor’s degree in philosophy from the University of Pittsburgh. Jonathan can be reached at firstname.lastname@example.org.
There have been various attempts to apply game theory to various aspects of security situations. This paper is particularly interested in security as relates to computers and the Internet. While there have been varying levels of success in describing different aspects of security in game-theoretic terms, there has been little success in describing the problem on a large scale that would be appropriate for making decisions about enterprise or Internet security policy decisions. This report attempts to provide such a description.