Mark Rounds scite author profile

In previous simulation studies, attackers were assumed to respond to changes in reward with an S shaped curve and to changes in security with a declining S shaped curve. This paper reports experimental work that investigates the validity of those assumptions. In general, the results suggest that the assumptions are reasonable. BackgroundMuch of the research in computer security focuses on the technological systems interactions. Walters, Liang, Shi, and Chaudhary [1] focus on the technological portion of wireless networking. Early research surveyed by Browne [2] found that that there were thousands of papers on computer security and risk management, but most were too narrow in scope and too fixated on technological fixes to be of much value.Udo's survey [3] of privacy and security concerns as related to e-commerce focuses on how users perceive threats, and concludes that while many IT users feel that security is a critical issue, they don't believe that the government or any technological fix is capable of securing their privacy. In those areas where the human interaction factor is described, the literature tends to focus on the technology side of the interaction rather than the human side. In their book, Cranor and Garfinkel [4] make the point that overly complex passwords can hurt the overall effectiveness of password security. Besar and Arief [5] and Duggan, Johnson and Grawemeyer [6] discuss the impairment of security by legitimate users, their description of the faults focuses on the technical.Sasse et.al.[7] made the point that the human portion of the security problem is the area of highest leverage. Adams and Sasse [8] stated that rather than avoiding investigating the human factors, we need to embrace them. Mitnick and Simon [9] note that the importance of human factor is critical because it is the basis of many threats. Saltzer and Schroeder [10] who recognize that humans play a role, focus mainly on the technological issues of security rather than the interactions of the system with its users and attackers.The human factor is important because engineers cannot evaluate a security system until they can measure the effectiveness and hence the benefit provided by computer security.Carayon [11] describes a "sociotechnical system" which is the amalgamation of humans and their information system.Many firms engage in cost/benefit analysis of security measures before applying them [12][13] [14]. These analyses are primarily qualitative in nature since there are not many quantitative models of the interaction between attacker and security professional. Gordon and Loeb [15] describe how an information system manager might respond in terms of monetary resources for a selected vulnerability, but they do not discuss how this response will affect the likelihood of future attacks. Authors such as Schneier [16] and Cavusoglu, Cavusoglu, and Raghunathan [17] look at the economics of computer security from the user's point of view but cast little light on how attackers respond. Their work assumes that attackers are u...

show abstract

DuPont Model: A Tool Promotes System Thinking and Integration in Undergraduate Business Education

Xu¹,

Rounds²

2019

ijafr

View full text Add to dashboard Cite

The increasingly complex world of commerce has forced business schools to focus on preparing students for a new environment that requires systemic thinking, the ability to work in teams and the skill and motivation needed to respond to rapid change. Unfortunately, little has changed in how we educate future business leaders. In this paper we report the preliminary results of an attempt to increase under graduate students’ levels of cross-functional and systemic thinking using the DuPont model to integrate across the traditional functional areas of information systems and operations management). The model provides a valuable framework for educators, and can be used to display how typical functional-area tasks (e.g., determining capital structure) are related to firm-level outcomes (e.g., return on equity), and how decision making in one functional area (e.g., managing inventory) has a similar impact on firm-level outcomes as decisions made in other functional areas (e.g., managing cash).

show abstract

Factors Influencing College Students’ Use of Computer Security

Stone

Pendegraft

Rounds

2010

View full text Add to dashboard Cite

Information systems administrators face a difficult balance between providing sufficient security to protect the organization’s computing resources while not inhibiting the appropriate use of these resources. Striking this balance is particularly difficult in higher education due to the diversity of computer uses and users. This is accentuated by one large, diverse user group, namely students. To facilitate striking such a balance, a better understanding of students’ motivations to use security measures is useful. A theoretically sound model linking student and system security characteristics to students’ security behaviors is developed and presented in this paper. The model is operationalized using student responses to a web-based questionnaire. The empirical results show that training to use security measures has no impact on students’ security behaviors while experience with security does. Furthermore, ease of security use positively impacts students’ security behaviors through security self-efficacy. The influence of peers has similar impacts through security outcome expectancy.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Mark Rounds

Diversity in Network Attacker Motivation: A Literature Review

A Simulation Model of IS Security

An Experimental Study to Explore Attacker Response to Changes in Security and Reward

DuPont Model: A Tool Promotes System Thinking and Integration in Undergraduate Business Education

Factors Influencing College Students’ Use of Computer Security

Contact Info

Product

Resources

About