Information Security: Facilitating User Precautions Vis-a-Vis Enforcement Against Attackers
We compare alternative information security policies-facilitating end-user precautions and enforcement against attackers. The context is mass and targeted attacks, taking account of strategic interactions between end users and attackers. For both mass and targeted attacks. facilitating end-user prec...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2009
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/3223 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| Summary: | We compare alternative information security policies-facilitating end-user precautions and enforcement against attackers. The context is mass and targeted attacks, taking account of strategic interactions between end users and attackers. For both mass and targeted attacks. facilitating end-user precautions reduces, the expected loss of end users. However, the impact of enforcement oil expected loss depends oil the balance between deterrence and Slackening of end-user precautions. Facilitating end-user precautions is more effective than enforcement against. attackers when the cost of precautions and the cost of atacks are lower. With targeted attacks, facilitating end-user precautions is more effective for users with relatively high valuation of information security, while enforcement against attackers is more effective for users with relatively low valuation of security |
|---|