Information Security: Facilitating User Precautions Vis-a-Vis Enforcement Against Attackers

Cited by: 50
Authors
Png, Ivan P. L. [1]
Wang, Qiu-Hong [2]
Affiliations
[1] Natl Univ Singapore, Sch Business, Singapore, Singapore
[2] Huazhong Univ Sci & Technol, Sch Management, Wuhan, Peoples R China
Keywords
enforcement; facilitation; information security; mass attacks; targeted attacks; SYSTEMS; INCENTIVES;
DOI
10.2753/MIS0742-1222260205
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
We compare alternative information security policies: facilitating end-user precautions and enforcement against attackers. The context is mass and targeted attacks, taking account of strategic interactions between end users and attackers. For both mass and targeted attacks, facilitating end-user precautions reduces the expected loss of end users. However, the impact of enforcement on expected loss depends on the balance between deterrence and slackening of end-user precautions. Facilitating end-user precautions is more effective than enforcement against attackers when the cost of precautions and the cost of attacks are lower. With targeted attacks, facilitating end-user precautions is more effective for users with relatively high valuation of information security, while enforcement against attackers is more effective for users with relatively low valuation of security.
Pages: 97 / 121
Number of pages: 25