The economics of user effort in information security

Cited by: 20
Source
Comput. Fraud Secur. | 2009 / Vol. 10 / Issue 8-12
Keywords
Authentication;
DOI
10.1016/S1361-3723(09)70127-7
Abstract
A significant number of security breaches result from employees' failures to comply with security policies. The cause is often an honest mistake, such as when an employee enters their password in a phishing website, believing it to be a legitimate one [1]. It can also be a workaround when faced with an impossible task, such as when an employee has so many different passwords that they must be written down [2]. © 2009 Elsevier Ltd. All rights reserved.
Pages: 8 / 12
Page count: 4
Related papers
11 items in total
  • [1] Dhamija R., Tygar J.D., Hearst M., Why Phishing Works, Proceedings of the 2006 SIGCHI Conference on Human Factors in Computing Systems. April 24, 27, (2006)
  • [2] Adams, Sasse M.A., Users Are Not the Enemy: Why users compromise security mechanisms and how to take remedial measures, Communications of the ACM, 42, 12, pp. 40-46, (1999)
  • [3] Weirich D., Persuasive Password Security, (2005)
  • [4] Beautement A., Coles R., Griffin J., Monahan B., Pym D., Sasse M.A., Wonham M., The Human and Technological Costs and Benefits of USB Memory Stick Security, Workshop on Economics in Information Security, (2008)
  • [5] Eric Johnson M., Goetz E., Embedding Information Security into the Organisation, IEEE Security & Privacy, pp. 16-24, (2007)
  • [6] Vroom C., von Solms R., Towards information security behavioural compliance, Computers & Security, 23, 3, pp. 191-198, (2004)
  • [7] An Introduction to Computer Security: The NIST Handbook, (1995)
  • [8] Thaler R.H., Sunstein C.R., Nudge
  • [9] Sasse M.A., Brostoff S., Weirich D., Transforming the 'weakest link': a human-computer interaction approach to usable and effective security, BT Technology Journal, 19, 3, pp. 122-131, (2001)
  • [10] Randazzo M.R., Keeney M., Kowalski E., Cappelli D., Moore A., Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector, (2004)