2019
DOI: 10.1093/cybsec/tyz006
|View full text |Cite
|
Sign up to set email alerts
|

To share or not to share: a behavioral perspective on human participation in security information sharing

Abstract: Security information sharing (SIS) is an activity whereby individuals exchange information that is relevant to analyze or prevent cybersecurity incidents. However, despite technological advances and increased regulatory pressure, individuals still seem reluctant to share security information. Few contributions have addressed this conundrum to date. Adopting an interdisciplinary approach, our study proposes a behavioral framework that theorizes how and why human behavior and SIS may be associated. We use psycho… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
5
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
5
3
2

Relationship

0
10

Authors

Journals

citations
Cited by 17 publications
(5 citation statements)
references
References 75 publications
0
5
0
Order By: Relevance
“…How can policymakers support discovering and disclosing software vulnerabilities in systems, products and services? The vulnerability-sharing process is a subset of cybersecurity information sharing (Libicki, 2015;Mermoud et al, 2019), and the research question covers the two stages that make it valuable for mitigating software vulnerability risks (Rajasooriya et al, 2016).…”
Section: Problem Definitionmentioning
confidence: 99%
“…How can policymakers support discovering and disclosing software vulnerabilities in systems, products and services? The vulnerability-sharing process is a subset of cybersecurity information sharing (Libicki, 2015;Mermoud et al, 2019), and the research question covers the two stages that make it valuable for mitigating software vulnerability risks (Rajasooriya et al, 2016).…”
Section: Problem Definitionmentioning
confidence: 99%
“…The research exhibited the better financial performance of ISAC's participants in comparison to their industry peers. Mermoud et al [16] employed the behavioural theory to investigate the relationships between human activities and the extent of information sharing. The authors conducted a survey among 424 members of the Swiss national ISAC, MELANI-net, of whom 262 responded.…”
Section: Information Sharing and Analysis Centresmentioning
confidence: 99%
“…They found that earning a reputation, gaining promotion, and satisfying curiosity, all had positive effects on employees' attitudes, which in turn affected CTI sharing behavior. Expanding on earlier work taking economic perspectives on information security sharing [28,30], Mermoud et al proposed a behavioral framework theorizing how and why human behavior and sharing of security information may be associated [47]. They highlighted that human behavior may be at the core of the problem why CTI is underutilized despite being beneficial, yet cautioned not to infer that CTI sharing should be mandated as that could achieve the adverse effects of inducing compliance by sharing TI that may not be relevant, accurate, or timely [47].…”
Section: Human Cultural and Organizational Aspectsmentioning
confidence: 99%