Please use this identifier to cite or link to this item:
Title: Information security: user precautions, attacker efforts, and enforcement
Authors: Png, I.P.L. 
Wang, Q.-H. 
Issue Date: 2009
Citation: Png, I.P.L.,Wang, Q.-H. (2009). Information security: user precautions, attacker efforts, and enforcement. Proceedings of the 42nd Annual Hawaii International Conference on System Sciences, HICSS. ScholarBank@NUS Repository.
Abstract: We analyze the strategic interactions among end-users and between end-users and attackers in mass and targeted attacks. In mass attacks, precautions by end-users are strategic substitutes. This explains the inertia among users in taking precautions even in the face of grave potential consequences. Generally, information security can be addressed from two angles - facilitating end-user precautions and enforcement against attackers. We show that, enforcement is more effective as an all-round policy to enhance information security. Facilitating user precautions leads to increased precautions and increased end-user demand, which have conflicting effects on the total harm suffered by end-users. Hence, reduced form estimates of the impact of facilitating precautions may over- or underestimate the impact, depending on which effect is stronger. Further, in targeted attacks, the outcome of interaction between users and attackers depends on the specific cost functions. Attackers may target low-valuation users as they take fewer precautions. © 2009 IEEE.
Source Title: Proceedings of the 42nd Annual Hawaii International Conference on System Sciences, HICSS
ISBN: 9780769534503
DOI: 10.1109/HICSS.2009.256
Appears in Collections:Staff Publications

Show full item record
Files in This Item:
There are no files associated with this item.


checked on Apr 13, 2019

Page view(s)

checked on Jan 26, 2019

Google ScholarTM



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.