Title: Designing User Incentives for Cybersecurity
نویسندگان
چکیده
Main Text: The traditional “patching” approach to managing software vulnerabilities and cybersecurity risk has been less effective than desired. In theory, once a vulnerability is discovered, software patches should be quickly developed and released by producers and then expeditiously applied by users. Successful completion of this process would help to maintain secure systems. However, what has been consistently observed in practice is that this process instead breaks down (1). Of particular concern is the failure of the current approach to adequately address the economic incentives that underlie users’ decisions to patch their systems. We propose a simple adaptation to software producer offerings (“versions”) involving users’ patching rights and argue why this change would make a patching approach more effective.
منابع مشابه
Increasing cybersecurity investments in private sector firms
The primary objective of this article is to develop an economics-based analytical framework for assessing the impact of government incentives/regulations designed to offset the tendency to underinvest in cybersecurity related activities by private sector firms. The analysis provided in the article shows that the potential for government incentives/regulations to increase cybersecurity investmen...
متن کاملTake the Money and Run: The Challenges of Designing and Evaluating Financial Incentives in Healthcare; Comment on “Paying for Performance in Healthcare Organisations”
Many countries are turning their attention to the use of explicit financial incentives to drive desired improvements in healthcare performance. However, we have only a weak evidence-base to inform policy in this area. The research challenge is to generate robust evidence on what financial incentives work, under what circumstances, for whom and with what intended and unintended consequences.
متن کاملPaying People to Be Healthy
User Financial Incentives (UFIs) have emerged as a powerful tool for health promotion. Strong evidence suggests that large enough incentives paid to individuals, conditional on behaviour they can control, encourages more of the desired behaviour. However, such interventions can have unintended consequences for non-targeted behaviours. Implementation difficulties that result in individuals not u...
متن کاملA Survey of Technical Approaches for Developing, Deploying, and Adopting Visualizations in the Cybersecurity Domain
Members of the visualization cybersecurity research community are doing important work designing and developing new visualization tools to solve important cybersecurity problems, but technical challenges remain in transitioning and deploying visualizations to end users. This abstract compares and contrasts four common technological methods for developing and deploying visualization tools in the...
متن کاملCreating a National Framework for Cybersecurity: An Analysis of Issues and Options
Even before the terrorist attacks of September 2001, concerns had been rising among security experts about the vulnerabilities to attack of computer systems and associated infrastructure. Yet, despite increasing attention from federal and state governments and international organizations, the defense against attacks on these systems has appeared to be generally fragmented and varying widely in ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2014