Sciweavers

HICSS
2009
IEEE

Information Security: User Precautions, Attacker Efforts, and Enforcement

14 years 7 months ago
Information Security: User Precautions, Attacker Efforts, and Enforcement
We analyze the strategic interactions among endusers and between end-users and attackers in mass and targeted attacks. In mass attacks, precautions by endusers are strategic substitutes. This explains the inertia among users in taking precautions even in the face of grave potential consequences. Generally, information security can be addressed from two angles – facilitating end-user precautions and enforcement against attackers. We show that, enforcement is more effective as an all-round policy to enhance information security. Facilitating user precautions leads to increased precautions and increased end-user demand, which have conflicting effects on the total harm suffered by end-users. Hence, reduced form estimates of the impact of facilitating precautions may over- or underestimate the impact, depending on which effect is stronger. Further, in targeted attacks, the outcome of interaction between users and attackers depends on the specific cost functions. Attackers may target lowv...
Ivan P. L. Png, Qiu-Hong Wang
Added 19 May 2010
Updated 19 May 2010
Type Conference
Year 2009
Where HICSS
Authors Ivan P. L. Png, Qiu-Hong Wang
Comments (0)