Most articles that discuss the economics of security focus on the use of rational choice decision models for evaluating investment alternatives. However, security investment decisions involve risk and several researchers have noted that risk related decisions often violate the fundamental principles of rational choice decision models. Accordingly, we assert that problems exist with using these models to explain security investment decisions. Further, we believe that the development of prescriptive models to guide investment decisions requires a deeper understanding of the cognitive processes involved. To test these ideas, we introduce a study that uses prospect theory to analyze security practitioners’ investment decisions. The articl...
The correct control of security often depends on decisions under uncertainty. Using quantified infor...
Information systems development is complex, involving relationships between distinct groups of peopl...
This paper presents scenarios of information security—defending against directed security threats, r...
Information security is an issue that has increased in importance over the past decade. In this time...
Individual decision making in computer security risk plays a critical role in successful information...
Item does not contain fulltextSecurity professionals play a decisive role in security risk decision ...
Purpose - The purpose of this paper was to investigate security decision making during risk and unc...
Economic models of information security investment suggest estimating cost and benefit to make an in...
Extant work has examined users’ security behavior in both individual and organizational contexts by ...
The need to protect resources against attackers is reflected by huge information security investment...
Information security is an extremely important aspect of information systems. A lot of research has ...
The need to protect resources against attackers is reflected by huge information security investment...
Security breaches have increasingly become a major threat to organizations. Nevertheless, according ...
As companies are increasingly exposed to information security threats, decision makers are permanent...
Techniques for determining and applying security decisions typically follow risk-based analytical ap...
The correct control of security often depends on decisions under uncertainty. Using quantified infor...
Information systems development is complex, involving relationships between distinct groups of peopl...
This paper presents scenarios of information security—defending against directed security threats, r...
Information security is an issue that has increased in importance over the past decade. In this time...
Individual decision making in computer security risk plays a critical role in successful information...
Item does not contain fulltextSecurity professionals play a decisive role in security risk decision ...
Purpose - The purpose of this paper was to investigate security decision making during risk and unc...
Economic models of information security investment suggest estimating cost and benefit to make an in...
Extant work has examined users’ security behavior in both individual and organizational contexts by ...
The need to protect resources against attackers is reflected by huge information security investment...
Information security is an extremely important aspect of information systems. A lot of research has ...
The need to protect resources against attackers is reflected by huge information security investment...
Security breaches have increasingly become a major threat to organizations. Nevertheless, according ...
As companies are increasingly exposed to information security threats, decision makers are permanent...
Techniques for determining and applying security decisions typically follow risk-based analytical ap...
The correct control of security often depends on decisions under uncertainty. Using quantified infor...
Information systems development is complex, involving relationships between distinct groups of peopl...
This paper presents scenarios of information security—defending against directed security threats, r...