Abstract

We consider the problem of enforcing compliance with information security policies in organizations in order to mitigate insider threat. We show that compliance with security policies may be enforced even for myopic, self-interested, agents by providing them proper economic incentives for compliance. Our approach includes several variations of a compliance game between the organization and its inside users in which a bonus is paid for compliance with security policies. We show that compliance may be sustained by emphasizing the continuous, repeated nature of security-related decisions. Alternatively, compliance is more likely to emerge when costs and benefits of increased protection are shared in a fair manner. Our results emphasize the need to build trust between organizational entities, as well as suggest a way to determine compliance bonus in a fair manner.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Information Security Policy in Large Public Organizations
-
-
--
01 Jan 2019
Factors in Information Assurance Professionals' Intentions to Adhere to Information Security Policies
S Raschid Muller ... Mary L Lind
International Journal of Systems and Software Security and Protection | VOL. 11
S Raschid Muller, et. al.S Raschid Muller ... Mary L Lind
01 Jan 2020
An integrative behavioral model of information security policy compliance.
Sang Hoon Kim ... Sunyoung Park
The Scientific World Journal | VOL. 2014
Sang Hoon Kim, et. al.Sang Hoon Kim ... Sunyoung Park
01 Jan 2014
Organizational information security policies: a review and research framework
W Alec Cram ... John D’Arcy
European Journal of Information Systems | VOL. 26
W Alec Cram, et. al.W Alec Cram ... John D’Arcy
01 Nov 2017
View more papers

More From: SSRN Electronic Journal

Paper Title
Journal
Date
Author
O conceito de teoria e a sua função em quatro tipos de pesquisa em Direito (The Concept of Theory and its Function in Four Types of Legal Research)
Daniel Wang
SSRN Electronic Journal | VOL. -
Daniel WangDaniel Wang
01 Jan 2024
Developing a Corporate Social Justice Disclosure Index
Charumathi Balakrishnan
SSRN Electronic Journal | VOL. -
Charumathi BalakrishnanCharumathi Balakrishnan
01 Jan 2024
Tests for Principal Eigenvalues and Eigenvectors
Jianqing Fan ... Xinghua Zheng
SSRN Electronic Journal | VOL. -
Jianqing Fan, et. al.Jianqing Fan ... Xinghua Zheng
01 Jan 2024
Natural Language Processing -Part II: Stock Selection - Alpha Unscripted: The Message within the Message in Earnings Calls
Frank Zhao
SSRN Electronic Journal | VOL. -
Frank ZhaoFrank Zhao
01 Jan 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.