Abstract
This paper presents an approach to conducting risk assessments of complex incentive systems, using a case study of the normative Peer Review Process (PRP). The research centers on applications and adaptations of the Conflicting Incentives Risk Analysis (CIRA): first as an approach to Root Cause Analysis of a known incident, and then for a full assessment of the incentives in the PRP together with possible risk treatments. CIRA uses an alternative notion of risk, in which risk is modeled in terms of conflicting incentives between the risk owner and the stakeholders concerning the execution of actions. Compared to traditional risk assessment approaches, CIRA provides insight into the underlying incentives behind a risk, and not just the technical vulnerability, likelihood and consequence. The main contributions of this work are an approach to obtaining insight into incentives as root causes, and an approach to detecting and analyzing risks from incentives in the normative PRP. This paper also discusses risk treatments in terms of incentives to make the PRP more robust, together with a discussion of how to approach risk analysis of incentives.
Highlights
One of the most challenging problems within security management is ensuring desirable behavior from various agents in the organization
The previous section highlighted risks inherent in the Peer Review Process (PRP); we discuss these risks in terms of how to make the process more robust
The balance between incentives and disincentives is the key in risk-managing human factors
Summary
One of the most challenging problems within security management is ensuring desirable behavior from various agents in the organization. 2015, 5 been dedicated to evaluating technological aspects of information systems [1], and are often expressed as a function of probability and consequence. These risk assessment methods disregard the dimension of risks posed by incentive systems. These are complex risks where the design of incentive systems intends to promote a desired type of behavior but instead leads to adverse actions. This problem is known as perverse incentives in information security [2]. Peer review is supposed to protect the public from potential pseudo-science and prevent readers from wasting their time on inferior research.