Trust and fairness as incentives for compliance with information security policies

Alok Gupta, Dmitry Zhdanov

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations

Abstract

We consider the problem of enforcing compliance with information security policies in organizations in order to mitigate insider threat. We show that compliance with security policies may be enforced even for myopic, self-interested, agents by providing them proper economic incentives for compliance. Our approach includes several variations of a compliance game between the organization and its inside users in which a bonus is paid for compliance with security policies. We show that compliance may be sustained by emphasizing the continuous, repeated nature of security-related decisions. Alternatively, compliance is more likely to emerge when costs and benefits of increased protection are shared in a fair manner. Our results emphasize the need to build trust between organizational entities, as well as suggest a way to determine compliance bonus in a fair manner.

Original languageEnglish (US)
Title of host publication16th Workshop on Information Technologies and Systems, WITS 2006
PublisherSocial Science Research Network
Pages211-216
Number of pages6
StatePublished - Jan 1 2006
Event16th Workshop on Information Technologies and Systems, WITS 2006 - Milwaukee, WI, United States
Duration: Dec 9 2006Dec 10 2006

Other

Other16th Workshop on Information Technologies and Systems, WITS 2006
CountryUnited States
CityMilwaukee, WI
Period12/9/0612/10/06

Fingerprint Dive into the research topics of 'Trust and fairness as incentives for compliance with information security policies'. Together they form a unique fingerprint.

Cite this