Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
1-2015
Abstract
Although disclosure has long been considered as a solution to internalize externalities, mandatory security information disclosure is still in debate. We propose a mandatory disclosure mechanism based on existing data. The information is disclosed as straightforward rankings of organizations for users to understand, interpret, and make comparisons. As a result, the disclosure can influence organizations through reputational effects. We created a public website to disclose information regularly and conducted a quasi-experiment on outgoing spam to test the effectiveness of our mechanism on four matched country groups. For each treated country, we released the ranking list of top 10 most spamming organizations every month, while for the control countries, no information was disclosed. We find that the treatment organizations subject to spam information disclosure reduced significantly more spam than comparison organizations.
Discipline
Computer Sciences | Information Security | Management Information Systems
Research Areas
Information Systems and Management
Publication
2015 48th Hawaii International Conference on System Sciences HICSS: 5-8 January, Kauai, HI: Proceedings
First Page
4813
Last Page
4823
ISBN
9781479973682
Identifier
10.1109/HICSS.2015.572
Publisher
IEEE Computer Society
City or Country
Los Alamitos, CA
Citation
TANG, Qian and WHINSTON, Andrew B..
Improving Internet Security through Mandatory Information Disclosure. (2015). 2015 48th Hawaii International Conference on System Sciences HICSS: 5-8 January, Kauai, HI: Proceedings. 4813-4823.
Available at: https://ink.library.smu.edu.sg/sis_research/2637
Copyright Owner and License
Publisher
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1109/HICSS.2015.572