Information Security: Facilitating User Precautions Vis-a-Vis Enforcement Against Attackers

Author

Ivan P. L. PNG
QIU-HONG WANG, Singapore Management UniversityFollow

Publication Type

Journal Article

Publication Date

9-2009

Abstract

We compare alternative information security policies-facilitating end-user precautions and enforcement against attackers. The context is mass and targeted attacks, taking account of strategic interactions between end users and attackers. For both mass and targeted attacks. facilitating end-user precautions reduces, the expected loss of end users. However, the impact of enforcement oil expected loss depends oil the balance between deterrence and Slackening of end-user precautions. Facilitating end-user precautions is more effective than enforcement against. attackers when the cost of precautions and the cost of atacks are lower. With targeted attacks, facilitating end-user precautions is more effective for users with relatively high valuation of information security, while enforcement against attackers is more effective for users with relatively low valuation of security

Keywords

enforcement, facilitation, information security, mass attacks, targeted attacks

Discipline

Computer Sciences | Information Security

Research Areas

Information Systems and Management

Publication

Journal of Management Information Systems

Volume

26

Issue

2

First Page

97

Last Page

121

ISSN

0742-1222

Identifier

10.2753/MIS0742-1222260205

Publisher

Taylor & Francis (Routledge): SSH Titles

Citation

PNG, Ivan P. L. and QIU-HONG WANG. Information Security: Facilitating User Precautions Vis-a-Vis Enforcement Against Attackers. (2009). Journal of Management Information Systems. 26, (2), 97-121.
Available at: https://ink.library.smu.edu.sg/sis_research/3223

Additional URL

http://dx.doi.org/10.2753/MIS0742-1222260205