Trust and fairness as incentives for compliance with information security policies

Alok Gupta, Dmitry Zhdanov

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

We consider the problem of enforcing compliance with information security policies in organizations in order to mitigate insider threat. We show that compliance with security policies may be enforced even for myopic, self-interested, agents by providing them proper economic incentives for compliance. Our approach includes several variations of a compliance game between the organization and its inside users in which a bonus is paid for compliance with security policies. We show that compliance may be sustained by emphasizing the continuous, repeated nature of security-related decisions. Alternatively, compliance is more likely to emerge when costs and benefits of increased protection are shared in a fair manner. Our results emphasize the need to build trust between organizational entities, as well as suggest a way to determine compliance bonus in a fair manner.

Original languageEnglish (US)
Title of host publication16th Workshop on Information Technologies and Systems, WITS 2006
PublisherSocial Science Research Network
Pages211-216
Number of pages6
StatePublished - Jan 1 2006
Event16th Workshop on Information Technologies and Systems, WITS 2006 - Milwaukee, WI, United States
Duration: Dec 9 2006Dec 10 2006

Other

Other16th Workshop on Information Technologies and Systems, WITS 2006
CountryUnited States
CityMilwaukee, WI
Period12/9/0612/10/06

Fingerprint

Security of data
Compliance
Economics
Costs

Cite this

Gupta, A., & Zhdanov, D. (2006). Trust and fairness as incentives for compliance with information security policies. In 16th Workshop on Information Technologies and Systems, WITS 2006 (pp. 211-216). Social Science Research Network.

Trust and fairness as incentives for compliance with information security policies. / Gupta, Alok; Zhdanov, Dmitry.

16th Workshop on Information Technologies and Systems, WITS 2006. Social Science Research Network, 2006. p. 211-216.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Gupta, A & Zhdanov, D 2006, Trust and fairness as incentives for compliance with information security policies. in 16th Workshop on Information Technologies and Systems, WITS 2006. Social Science Research Network, pp. 211-216, 16th Workshop on Information Technologies and Systems, WITS 2006, Milwaukee, WI, United States, 12/9/06.
Gupta A, Zhdanov D. Trust and fairness as incentives for compliance with information security policies. In 16th Workshop on Information Technologies and Systems, WITS 2006. Social Science Research Network. 2006. p. 211-216
Gupta, Alok ; Zhdanov, Dmitry. / Trust and fairness as incentives for compliance with information security policies. 16th Workshop on Information Technologies and Systems, WITS 2006. Social Science Research Network, 2006. pp. 211-216
@inproceedings{9f7dadbdab90452c829199e0a3529146,
title = "Trust and fairness as incentives for compliance with information security policies",
abstract = "We consider the problem of enforcing compliance with information security policies in organizations in order to mitigate insider threat. We show that compliance with security policies may be enforced even for myopic, self-interested, agents by providing them proper economic incentives for compliance. Our approach includes several variations of a compliance game between the organization and its inside users in which a bonus is paid for compliance with security policies. We show that compliance may be sustained by emphasizing the continuous, repeated nature of security-related decisions. Alternatively, compliance is more likely to emerge when costs and benefits of increased protection are shared in a fair manner. Our results emphasize the need to build trust between organizational entities, as well as suggest a way to determine compliance bonus in a fair manner.",
author = "Alok Gupta and Dmitry Zhdanov",
year = "2006",
month = "1",
day = "1",
language = "English (US)",
pages = "211--216",
booktitle = "16th Workshop on Information Technologies and Systems, WITS 2006",
publisher = "Social Science Research Network",

}

TY - GEN

T1 - Trust and fairness as incentives for compliance with information security policies

AU - Gupta, Alok

AU - Zhdanov, Dmitry

PY - 2006/1/1

Y1 - 2006/1/1

N2 - We consider the problem of enforcing compliance with information security policies in organizations in order to mitigate insider threat. We show that compliance with security policies may be enforced even for myopic, self-interested, agents by providing them proper economic incentives for compliance. Our approach includes several variations of a compliance game between the organization and its inside users in which a bonus is paid for compliance with security policies. We show that compliance may be sustained by emphasizing the continuous, repeated nature of security-related decisions. Alternatively, compliance is more likely to emerge when costs and benefits of increased protection are shared in a fair manner. Our results emphasize the need to build trust between organizational entities, as well as suggest a way to determine compliance bonus in a fair manner.

AB - We consider the problem of enforcing compliance with information security policies in organizations in order to mitigate insider threat. We show that compliance with security policies may be enforced even for myopic, self-interested, agents by providing them proper economic incentives for compliance. Our approach includes several variations of a compliance game between the organization and its inside users in which a bonus is paid for compliance with security policies. We show that compliance may be sustained by emphasizing the continuous, repeated nature of security-related decisions. Alternatively, compliance is more likely to emerge when costs and benefits of increased protection are shared in a fair manner. Our results emphasize the need to build trust between organizational entities, as well as suggest a way to determine compliance bonus in a fair manner.

UR - http://www.scopus.com/inward/record.url?scp=84901949775&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84901949775&partnerID=8YFLogxK

M3 - Conference contribution

SP - 211

EP - 216

BT - 16th Workshop on Information Technologies and Systems, WITS 2006

PB - Social Science Research Network

ER -