The economics of information security investment
ACM Transactions on Information and System Security (TISSEC)
Enemy at the gate: threats to information security
Communications of the ACM - Program compaction
Information Goods Pricing and Copyright Enforcement: Welfare Analysis
Information Systems Research
The Value of Intrusion Detection Systems in Information Technology Security Architecture
Information Systems Research
Market for Software Vulnerabilities? Think Again
Management Science
The Economic Incentives for Sharing Security Information
Information Systems Research
Network Software Security and User Incentives
Management Science
Research Note: Sell First, Fix Later: Impact of Patching on Software Quality
Management Science
Intrusion Prevention in Information Systems: Reactive and Proactive Responses
Journal of Management Information Systems
The Deterrent and Displacement Effects of Information Security Enforcement: International Evidence
Journal of Management Information Systems
Decision-Theoretic and Game-Theoretic Approaches to IT Security Investment
Journal of Management Information Systems
Investments in Information Security: A Real Options Perspective with Bayesian Postaudit
Journal of Management Information Systems
An integrative study of information systems security effectiveness
International Journal of Information Management: The Journal for Information Professionals
A comparative study of cyberattacks
Communications of the ACM
Journal of Organizational and End User Computing
Hacker Behavior, Network Effects, and the Security Software Market
Journal of Management Information Systems
We compare alternative information security policies: facilitating end-user precautions and enforcement against attackers. The context is mass and targeted attacks, taking account of strategic interactions between end users and attackers. For both mass and targeted attacks, facilitating end-user precautions reduces the expected loss of end users. However, the impact of enforcement on expected loss depends on the balance between deterrence and slackening of end-user precautions. Facilitating end-user precautions is more effective than enforcement against attackers when the cost of precautions and the cost of attacks are lower. With targeted attacks, facilitating end-user precautions is more effective for users with relatively high valuation of information security, while enforcement against attackers is more effective for users with relatively low valuation of security.