Please use this identifier to cite or link to this item:
https://doi.org/10.1109/HICSS.2009.256
| Title: | Information security: user precautions, attacker efforts, and enforcement | Authors: | Png, I.P.L. Wang, Q.-H. |
Issue Date: | 2009 | Citation: | Png, I.P.L.,Wang, Q.-H. (2009). Information security: user precautions, attacker efforts, and enforcement. Proceedings of the 42nd Annual Hawaii International Conference on System Sciences, HICSS. ScholarBank@NUS Repository. https://doi.org/10.1109/HICSS.2009.256 | Abstract: | We analyze the strategic interactions among end-users and between end-users and attackers in mass and targeted attacks. In mass attacks, precautions by end-users are strategic substitutes. This explains the inertia among users in taking precautions even in the face of grave potential consequences. Generally, information security can be addressed from two angles - facilitating end-user precautions and enforcement against attackers. We show that, enforcement is more effective as an all-round policy to enhance information security. Facilitating user precautions leads to increased precautions and increased end-user demand, which have conflicting effects on the total harm suffered by end-users. Hence, reduced form estimates of the impact of facilitating precautions may over- or underestimate the impact, depending on which effect is stronger. Further, in targeted attacks, the outcome of interaction between users and attackers depends on the specific cost functions. Attackers may target low-valuation users as they take fewer precautions. © 2009 IEEE. | Source Title: | Proceedings of the 42nd Annual Hawaii International Conference on System Sciences, HICSS | URI: | http://scholarbank.nus.edu.sg/handle/10635/43001 | ISBN: | 9780769534503 | DOI: | 10.1109/HICSS.2009.256 |
| Appears in Collections: | Staff Publications |
Show full item record
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.