Choice and Chance: A Conceptual Model of Paths to Information Security Compromise

Ransbotham, Sam; Mitra, Sabyasachi

doi:10.1287/isre.1080.0174

Cited by 157 publications

(78 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If countermeasures are found, then there is no utility for continued attempts within a firm and overall attack volume does not correspondingly increase with the increased penetration. This supports the conversion from broad untargeted reconnaissance activity to targeted attacks previously theorized (Ransbotham and Mitra 2009). …”

Section: Resultssupporting

confidence: 82%

“…When a patch corresponding to a vulnerability is not available, specific countermeasures can provide partial protection against attacks through three types of countermeasures that limit the impact of a vulnerability (Ransbotham and Mitra 2009): (a) access control methods that limit access to the affected software, (b) feature control methods that disable functionality and features in the affected software and devices, and (c) traffic control methods that filter suspicious traffic based on the attack signature. Similar descriptions of countermeasures also appear in (Ransbotham et al 2011).…”

Section: Attack Penetration and Volume Of Attacksmentioning

confidence: 99%

See 1 more Smart Citation

The Impact of Immediate Disclosure on Attack Diffusion and Volume

Ransbotham

Mitra

2012

Economics of Information Security and Privacy III

Self Cite

View full text Add to dashboard Cite

Section: Resultssupporting

confidence: 82%

Section: Attack Penetration and Volume Of Attacksmentioning

confidence: 99%

The Impact of Immediate Disclosure on Attack Diffusion and Volume

Ransbotham

Mitra

2012

Economics of Information Security and Privacy III

Self Cite

View full text Add to dashboard Cite

“…When users of firm devices grant too many rights to a smartphone app, they might compromise information security. Their usage could open an opportunity for standardized attack patterns like the "Choice and Chance" attack described by Ransbotham and Mitra (2009). Users' adoption decisions can even affect the privacy of uninvolved friends (Pu and Grossklags, 2016).…”

Section: Related Literature and Contributionmentioning

confidence: 99%

When Private Information Settles the Bill: Money and Privacy in Google's Market for Smartphone Applications

Kummer

Schulte

2016

SSRN Journal

View full text Add to dashboard Cite

Die Dis cus si on Pape rs die nen einer mög lichst schnel len Ver brei tung von neue ren For schungs arbei ten des ZEW. Die Bei trä ge lie gen in allei ni ger Ver ant wor tung der Auto ren und stel len nicht not wen di ger wei se die Mei nung des ZEW dar.Dis cus si on Papers are inten ded to make results of ZEW research prompt ly avai la ble to other eco no mists in order to encou ra ge dis cus si on and sug gesti ons for revi si ons. The aut hors are sole ly respon si ble for the con tents which do not neces sa ri ly repre sent the opi ni on of the ZEW. AbstractWe shed light on a money-for-privacy trade-off in the market for smartphone applications ("apps"). Developers offer their apps cheaper in return for greater access to personal information, and consumers choose between lower prices and more privacy. We provide evidence for this pattern using data on 300,000 mobile applications which were obtained from the Android Market in 2012 and 2014. We augmented these data with information from Alexa.com and Amazon Mechanical Turk. Our findings show that both the market's supply and the demand side consider an app's ability to collect private information, measured by their use of privacy-sensitive permissions: (1) cheaper apps use more privacy-sensitive permissions; (2) installation numbers are lower for apps with sensitive permissions; (3) circumstantial factors, such as the reputation of app developers, mitigate the strength of this relationship. Our results emerge consistently across several robustness checks, including the use of panel data analysis, the use of selected matched "twin"-pairs of apps and the use of various alternative measures of privacy-sensitiveness.JEL Classification: D12, D22, L15, L86

show abstract

“…A primary concern over the use of teleworking and mobile devices has been security over the integrity of the data (Dinev & Hu, 2007;Ransbotham & Mitra, 2008).…”

Section: Empirical Research In Information Security and Assurancementioning

confidence: 99%

Examination of the Factors that Influence Teleworkers' Willingness to Comply with Information Security Guidelines

Godlove

2012

Information Security Journal: A Global Perspective

View full text Add to dashboard Cite

With the increased use of teleworkers, it is important to understand how teleworker attitudes are related to willingness to accept and follow guidelines that maintain data security in the telework environment. The objective of the study was to evaluate the application of the theory of planned behavior and the idea of subjective norms as a means of explaining teleworker compliance in using information technology (IT) security guidelines in a telework environment. A sample of 150 respondents who considered themselves formal and informal teleworkers and were eligible for membership in The Telework Exchange completed a Teleworker Security Survey. Descriptive and linear regression analyses were used to determine relationships existing between willingness to follow organizational teleworker data information security guidelines and practices. The findings of the analyses demonstrated that Personal Attitude, Social Pressure, and Sense of Control represented a weak to moderate model for explaining teleworker willingness to follow an organization's security guidelines. This study is significant to organizations with teleworkers by identifying insight on the risks of teleworkers to data security, knowledge about what they can do to protect the confidentiality and integrity of data, and the intent of teleworkers to follow security protocols in a telework environment.

show abstract

Choice and Chance: A Conceptual Model of Paths to Information Security Compromise

Cited by 157 publications

References 52 publications

The Impact of Immediate Disclosure on Attack Diffusion and Volume

The Impact of Immediate Disclosure on Attack Diffusion and Volume

When Private Information Settles the Bill: Money and Privacy in Google's Market for Smartphone Applications

Examination of the Factors that Influence Teleworkers' Willingness to Comply with Information Security Guidelines

Contact Info

Product

Resources

About