Information Security: Facilitating User Precautions Vis-à-Vis Enforcement Against Attackers
نویسندگان
چکیده
We compare alternative information security policies—facilitating enduser precautions and enforcement against attackers. The context is mass and targeted attacks, taking account of strategic interactions between end users and attackers. For both mass and targeted attacks, facilitating end-user precautions reduces the expected loss of end users. However, the impact of enforcement on expected loss depends on the balance between deterrence and slackening of end-user precautions. Facilitating end-user precautions is more effective than enforcement against attackers when the cost of precautions and the cost of attacks are lower. With targeted attacks, facilitating end-user precautions is more effective for users with relatively high valuation of information security, while enforcement against attackers is more effective for users with relatively low valuation of security.
منابع مشابه
Authenticating ‘Cover to Cover’ Reader Series vis-à-vis Cultural Norms for the Iranian community
This research study was an attempt to explore hidden cultural components in an ELT textbook from Oxford University Press (OUP) titled 'Cover to Cover'. Two research methodologies were relied on to unveil the western ideologies in this series: Firstly, a qualitative review over its reading textbooks was undertaken for authenticating the hidden western values for Iranian contexts. At this stage, ...
متن کاملWould Regulation of Web Site Privacy Policy Statements Increase Consumer Trust?
Proponents of e-commerce have known for some time that limited participation by consumers partially reflects their concern over the privacy of personal information. To address consumer concerns, web site operators have employed security mechanisms, including privacy policy statements to increase their perceived trustworthiness. While empirical evidence is limited, there is some question regardi...
متن کاملAwareness Education as the Key to Ransomware Prevention
In the paradigm of Information Systems (IS), information security research has received increased attention from both academic researchers and industry practitioners alike. This intriguing phenomena is related to the growing recognition that, notwithstanding the advances in information technology (IT) for data collection, storage, and processing at a remarkable rate, users’ concerns over securi...
متن کاملKnowing the Enemy at the Gates: Measuring Attacker Motivation
Traditional cost-benefit analysis (CBA) quantifies the value of information security safeguards in terms of their expenses compared to their savings before and after their implementation. This paper considers CBA from the attacker's viewpoint, adding another type of measurement, the willingness to endure consequences. We propose a new set of equations and examine their implications vis-à-vis tw...
متن کاملSecurity Issues in Cloud Computing: The Potentials of Homomorphic Encryption
The prominence of the place of cloud computing in future converged networks is incontestable. This is due to the obvious advantages of the cloud as a medium of storage with ubiquity of access platforms and minimal hardware requirements on the user end. Secure delivery of data to and from the cloud is however a serious issue that needs to be addressed. We present in this paper the security issue...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- J. of Management Information Systems
دوره 26 شماره
صفحات -
تاریخ انتشار 2009