Trust and Fairness as Incentives for Compliance with Information Security Policies
Abstract
We consider the problem of enforcing compliance with information security policies in organizations in order to mitigate insider threat. We show that compliance with security policies may be enforced even for myopic, self-interested agents by providing them with proper economic incentives for compliance. Our approach includes several variations of a compliance game between the organization and its inside users in which a bonus is paid for compliance with security policies. We show that compliance may be sustained by emphasizing the continuous, repeated nature of security-related decisions. Alternatively, compliance is more likely to emerge when costs and benefits of increased protection are shared in a fair manner. Our results emphasize the need to build trust between organizational entities, as well as suggest a way to determine the compliance bonus in a fair manner.
Similar resources
Presenting the Model of Tax Compliance with the realization approach of Eghtesad Moghavemati: The Role of Internal and Psychological Factors
Today, the concept of tax compliance has become a common phenomenon in most countries, and identifying the factors affecting it, especially internal and psychological factors instead of economic factors, has attracted the attention of a large number of researchers all over the world. So, the purpose of this study is to present a model of tax compliance with the realization approach of...
Conformity with Clinical Setting among Nursing Students as a Way to Achieve Belongingness: A Qualitative Study
Introduction: Belongingness is one of the most important needs among students in order to have proper performance in the clinical setting. If students' basic needs for security and belonging are not met, higher-level needs will be of less importance and there will not be an opportunity to consider them. The purpose of this study is to present a set of findings by studies exploring nursing students...
Drivers Metrics and Best Practices for Information Security
Information security is one of the top problems of business executives and information system managers alike. Pervasive use of information technology in all aspects of business today, as well as the highlighted need for regulatory compliance, calls for analysis of information systems in their entirety, going beyond technical aspects and considering people and organizations as well. In my dissertation...
Referee: trust management for Web applications
Digital signatures provide a mechanism for guaranteeing integrity and authenticity of Web content but not more general notions of security or trust. Web-aware applications must permit users to state clearly their own security policies and, of course, must provide the cryptographic tools for manipulating digital signatures. This paper describes the REFEREE trust management system for Web applica...
Information Security Requirements for Implementing Electronic Health Records in Iran
Background and Goal: ICT development in recent years has created excellent developments in human social and economic life. One of the most important opportunities to use information technology is in the medical field, the result of which would be the electronic health record (EHR). The purpose of this research is to investigate the effects information securi...