User detection of threats with different security measures
Cyber attacks and the associated costs made cybersecurity a vital part of any system. User behavior and decisions are still a major part in the coping with these risks. We developed a model of optimal investment and human decisions with security measures, given that the effectiveness of each measure...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2020
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/9171 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-10174 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-101742024-08-01T07:12:04Z User detection of threats with different security measures YAAKOV, Yoav Ben MEYER, Joachim WANG, Xinrun AN, Bo Cyber attacks and the associated costs made cybersecurity a vital part of any system. User behavior and decisions are still a major part in the coping with these risks. We developed a model of optimal investment and human decisions with security measures, given that the effectiveness of each measure depends partly on the performance of the others. In an online experiment, participants classified events as malicious or non-malicious, based on the value of an observed variable. Prior to making the decisions, they had invested in three security measures - a firewall, an IDS or insurance. In three experimental conditions, maximal investment in only one of the measures was optimal, while in a fourth condition, participants should not have invested in any of the measures. A previous paper presents the analysis of the investment decisions. This paper reports users' classifications of events when interacting with these systems. The use of security mechanisms helped participants gain higher scores. Participants benefited in particular from purchasing IDS and/or Cyber Insurance. Participants also showed higher sensitivity and compliance with the alerting system when they could benefit from investing in the IDS. Participants, however, did not adjust their behavior optimally to the security settings they had chosen. The results demonstrate the complex nature of risk-related behaviors and the need to consider human abilities and biases when designing cyber security systems. 2020-09-09T07:00:00Z text https://ink.library.smu.edu.sg/sis_research/9171 info:doi/10.1109/ICHMS49158.2020.9209426 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Alerting systems Cybersecurity Decision making Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Alerting systems Cybersecurity Decision making Information Security |
| spellingShingle |
Alerting systems Cybersecurity Decision making Information Security YAAKOV, Yoav Ben MEYER, Joachim WANG, Xinrun AN, Bo User detection of threats with different security measures |
| description |
Cyber attacks and the associated costs made cybersecurity a vital part of any system. User behavior and decisions are still a major part in the coping with these risks. We developed a model of optimal investment and human decisions with security measures, given that the effectiveness of each measure depends partly on the performance of the others. In an online experiment, participants classified events as malicious or non-malicious, based on the value of an observed variable. Prior to making the decisions, they had invested in three security measures - a firewall, an IDS or insurance. In three experimental conditions, maximal investment in only one of the measures was optimal, while in a fourth condition, participants should not have invested in any of the measures. A previous paper presents the analysis of the investment decisions. This paper reports users' classifications of events when interacting with these systems. The use of security mechanisms helped participants gain higher scores. Participants benefited in particular from purchasing IDS and/or Cyber Insurance. Participants also showed higher sensitivity and compliance with the alerting system when they could benefit from investing in the IDS. Participants, however, did not adjust their behavior optimally to the security settings they had chosen. The results demonstrate the complex nature of risk-related behaviors and the need to consider human abilities and biases when designing cyber security systems. |
| format |
text |
| author |
YAAKOV, Yoav Ben MEYER, Joachim WANG, Xinrun AN, Bo |
| author_facet |
YAAKOV, Yoav Ben MEYER, Joachim WANG, Xinrun AN, Bo |
| author_sort |
YAAKOV, Yoav Ben |
| title |
User detection of threats with different security measures |
| title_short |
User detection of threats with different security measures |
| title_full |
User detection of threats with different security measures |
| title_fullStr |
User detection of threats with different security measures |
| title_full_unstemmed |
User detection of threats with different security measures |
| title_sort |
user detection of threats with different security measures |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2020 |
| url |
https://ink.library.smu.edu.sg/sis_research/9171 |
| _version_ |
1814047761500209152 |