Improving Internet Security through Mandatory Information Disclosure
Although disclosure has long been considered as a solution to internalize externalities, mandatory security information disclosure is still in debate. We propose a mandatory disclosure mechanism based on existing data. The information is disclosed as straightforward rankings of organizations for use...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2015
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/2637 https://ink.library.smu.edu.sg/context/sis_research/article/3637/viewcontent/Improv_Internet_Security_Mandatory_HICSS_2015_pv.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| Summary: | Although disclosure has long been considered as a solution to internalize externalities, mandatory security information disclosure is still in debate. We propose a mandatory disclosure mechanism based on existing data. The information is disclosed as straightforward rankings of organizations for users to understand, interpret, and make comparisons. As a result, the disclosure can influence organizations through reputational effects. We created a public website to disclose information regularly and conducted a quasi-experiment on outgoing spam to test the effectiveness of our mechanism on four matched country groups. For each treated country, we released the ranking list of top 10 most spamming organizations every month, while for the control countries, no information was disclosed. We find that the treatment organizations subject to spam information disclosure reduced significantly more spam than comparison organizations. |
|---|