Expert Systems with Applications: An International Journal
Hi-index | 0.00 |
Determination of the actual value of security measures is an area currently undergoing scrutiny by many researchers. One method to determine this is to devise a simulation model that incorporates interactions between an information system, its users and a population of attackers. Initial simulation results suggest that the marginal value of additional security may be positive or negative as can the time rate of change of system value. Policy implications include the realization that IT security policy makers should be aware of their location in the state space before setting IT security policy.