Publication | Closed Access
Information Security: Facilitating User Precautions Vis-à-Vis Enforcement Against Attackers
Citations: 72
References: 23
Year: 2009
Information Security Management, Alternative Information Security, Security Management, Engineering, Usable Security, Information Security, Web Security, Security, Data Privacy, Enduser Precautions, Computer Science, Security Measurement, Data Security, Cryptography
The context involves mass and targeted attacks, considering strategic interactions between end users and attackers. The study compares alternative information security policies, namely facilitating end-user precautions versus enforcement against attackers. Facilitating end-user precautions lowers expected loss in both mass and targeted attacks, and is more effective than enforcement when precaution and attack costs are low. For targeted attacks, its benefit is greatest for users valuing security highly, and enforcement is preferable for those valuing it less.
We compare alternative information security policies: facilitating end-user precautions and enforcement against attackers. The context is mass and targeted attacks, taking account of strategic interactions between end users and attackers. For both mass and targeted attacks, facilitating end-user precautions reduces the expected loss of end users. However, the impact of enforcement on expected loss depends on the balance between deterrence and slackening of end-user precautions. Facilitating end-user precautions is more effective than enforcement against attackers when the cost of precautions and the cost of attacks are lower. With targeted attacks, facilitating end-user precautions is more effective for users with relatively high valuation of information security, while enforcement against attackers is more effective for users with relatively low valuation of security.