A simulation model of IS security

Determination of the actual value of security measures is an area currently undergoing scrutiny by many researchers. One method to determine this is to devise a simulation model that incorporates interactions between an information system, its users and a population of attackers. Initial simulation results suggest that the marginal value of additional security may be positive or negative as can the time rate of change of system value. Policy implications include the realization that IT security policy makers should be aware of their location in the state space before setting IT security policy.

[1]  Hamid R. Nemati International Journal of Information Security and Privacy , 2007 .

[2]  Ephraim R. McLean,et al.  The DeLone and McLean Model of Information Systems Success: A Ten-Year Update , 2003, J. Manag. Inf. Syst..

[3]  Jihong Chen,et al.  State based authentication , 2005, ACM-SE 43.

[4]  E. Rogers,et al.  Diffusion of Innovations , 1964 .

[5]  Shigeru Yamada,et al.  S-Shaped Reliability Growth Modeling for Software Error Detection , 1983, IEEE Transactions on Reliability.

[6]  Kenneth L. Kraemer,et al.  Post-Adoption Variations in Usage and Value of E-Business by Organizations: Cross-Country Evidence from the Retail Industry , 2005, Inf. Syst. Res..

[7]  Lawrence A. Gordon,et al.  The economics of information security investment , 2002, TSEC.

[8]  Katina Michael,et al.  Homo Electricus and the Continued Speciation of Humans , 2007, Encyclopedia of Information Ethics and Security.

[9]  Barbara H Wixom,et al.  A Theoretical Integration of User Satisfaction and Technology Acceptance , 2005, Inf. Syst. Res..

[10]  E. Rogers New Product Adoption and Diffusion , 1976 .

[11]  J. Heineke,et al.  A Labor Theoretic Analysis of Criminal Choice , 1975 .

[12]  Ephraim R. McLean,et al.  Information Systems Success: The Quest for the Dependent Variable , 1992, Inf. Syst. Res..

[13]  Fred D. Davis Perceived Usefulness, Perceived Ease of Use, and User Acceptance of Information Technology , 1989, MIS Q..

[14]  Haralambos Mouratidis,et al.  Information Systems Security: Cases of Network Administrator Threats , 2007, Int. J. Inf. Secur. Priv..

[15]  P. Senge THE FIFTH DISCIPLINE , 1997 .