Modeling behavioral considerations related to information security

Computers and Security

Volumn 30, Issue 6-7, 2011, Pages 397-409

  Martinez Moyano, Ignacio J ^a,b   Conrad, Stephen H ^c   Andersen, David F ^d  

^a ARGONNE NATIONAL LABORATORY   (United States)

^b UNIVERSITY OF CHICAGO   (United States)

^c SANDIA NATIONAL LABORATORIES   (United States)

^d STATE UNIVERSITY OF NEW YORK   (United States)

Author keywords

Computer security; Computer simulation; Experimental data; Information security; Judgment and decision making; Learning; Modeling; System dynamics; Theory integration; Threat detection

Indexed keywords

EXPERIMENTAL DATA; JUDGMENT AND DECISION-MAKING; LEARNING; SYSTEM DYNAMICS; THEORY INTEGRATION; THREAT DETECTION;

BEHAVIORAL RESEARCH; COMPUTER SIMULATION; DECISION MAKING; MATHEMATICAL MODELS; SECURITY SYSTEMS;

SECURITY OF DATA;

EID: 80051804223     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2011.03.001     Document Type: Article

References (72)

1. E. Albrechtsen A qualitative study of users' view on information security Computers & Security 26 4 2007 276 289 (Pubitemid 46873753)
2. E. Albrechtsen, and J. Hovden The information security digital divide between information security managers and users Computers & Security 28 6 2009 476 490
3. E. Albrechtsen, and J. Hovden Improving information security awareness and behaviour through dialogue, participation and collective reflection. An intervention study Computers & Security 29 4 2010 432 445
4. Andersen DF, Cappelli D, Gonzalez JJ, Mojtahedzadeh M, Moore A, Rich E, Sarriegui JM, Shimeall TJ, Stanton J, Weaver E, & Zagonel A. Preliminary System Dynamics Maps of the Insider Cyber-threat Problem. Paper presented at the Proceedings of the 22nd International Conference of the System Dynamics Society, Oxford, UK; 2004.
5. W.R. Ashby An introduction to cybernetics 1956 Chapman & Hall London
6. W.R. Ashby Requisite variety and its implications for the control of complex systems Cybernetica 1 2 1958 83 99
7. Y. Barlas Formal aspects of model validity and validation in system dynamics System Dynamics Review 12 3 1996 183 210 (Pubitemid 126646439)
8. H.R. Bernard Social research methods: qualitative and quantitative approaches 2000 Sage Publications, Inc Thousand Oaks, CA
9. J. Brewer, and A. Hunter Multimethod research: a synthesis of styles 1989 Sage Publications Inc Newbury Park, CA
10. E. Brunswik Organismic achievement and environmental probability Psychological Review 50 1943 255 272
11. E. Brunswik Perception and the representative design of psychological experiments 1956 University of California Press Berkeley, CA
12. R.M. Burton, and B. Obel The validity of computational models in organization science: from model realism to purpose of the model Computational & Mathematical Organization Theory 1 1 1995 57 71
13. C. Camerer, and T. Ho Experienced-weighted attraction learning in normal games Econometrica 67 4 1999 827 874
14. C.F. Chabris, and D.J. Simons The invisible gorilla: and other ways our intuitions deceive us 2010 Crown New York
15. A. Da Veiga, and J.H.P. Eloff A framework and assessment instrument for information security culture Computers & Security 29 2 2010 196 207
16. M.T. Dlamini, J.H.P. Eloff, and M.M. Eloff Information security: the moving target Computers & Security 28 3-4 2009 189 198
17. J.R.C. Dodge, C. Carver, and A.J. Ferguson Phishing for user security awareness Computers & Security 26 1 2007 73 80 (Pubitemid 46216498)
18. L. Drevin, H.A. Kruger, and T. Steyn Value-focused assessment of ICT security awareness in an academic environment Computers & Security 26 1 2007 36 43 (Pubitemid 46216494)
19. I. Erev Signal detection by human observers: A cutoff reinforcement learning model of categorization decisions under uncertainty Psychological Review 105 1998 280 298 (Pubitemid 128457848)
20. I. Erev, D. Gopher, R. Itkin, and Y. Greenshpan Toward a generalization of signal detection theory to n-person games: the example of two-person safety problem Journal of Mathematical Psychology 39 1995 360 375
21. N. Feltovich Reinforcement-based vs. belief-based learning models in experimental asymmetric-information games Econometrica 68 3 2000 605 641
22. J.W. Forrester Industrial dynamics 1961 Productivity Press Cambridge, MA
23. J.W. Forrester, and P.M. Senge Tests for building confidence in system dynamics models TIMS Studies in Management Sciences 14 1980 209 228
24. S. Furnell Making security usable: are things improving? Computers & Security 26 6 2007 434 443 (Pubitemid 47268096)
25. E.B. Goldstein Cognitive psychology: connecting mind, research, and everyday experience 2005 Thomson Wadworth Belmont, CA
26. J.J. Gonzalez From modeling to managing security: a system dynamics approach 2003 Høyskoleforlaget/Norwegian Academic Press Kristiansand, Norway
27. S.P. Goring, J.R. Rabaiotti, and A.J. Jones Anti-keylogging measures for secure Internet login: an example of the law of unintended consequences Computers & Security 26 6 2007 421 426 (Pubitemid 47268094)
28. D.M. Green, and J.A. Swets Signal detection theory and psychophysics 1966 John Wiley New York
29. D.C. Hambrick, and M.-J. Chen New academic fields as admittance-seeking social movements: the case of strategic management Academy of Management Review 33 1 2007 32 54
30. K.R. Hammond Human judgment and social policy: irreducible uncertainty, inevitable error, unavoidable injustice 1996 Oxford University Press New York
31. K.R. Hammond Judgments under stress 2000 Oxford University Press New York
32. K.R. Hammond, G.H. McClelland, and J. Mumpower Human judgment and decision making: theories, methods, and procedures 1980 Praeger New York
33. K.R. Hammond, and T.R. Stewart The essential brunswik: beginnings, explications, applications 2001 Oxford University Press New York
34. K.R. Hammond, T.R. Stewart, B. Brehmer, and D.O. Steinmann Social judgment theory M.F. Kaplan, S. Schwarts, Human judgment and decision processes 1975 Academic Press New York 271 312
35. D. Kahneman, P. Slovic, and A. Tversky Judgment under uncertainty: heuristics and biases 1982 Cambridge University Press New York
36. D. Kahneman, and A. Tversky The psychology of preferences Scientific American 246 1982 160 173 (Pubitemid 12178653)
37. M.M. Keeney, and E.F. Kowalski Insider threat study: computer system sabotage in critical infrastructure sectors 2005 CERT
38. J. Klayman Learning from feedback in probabilistic environments Acta Psychologica 56 1984 81 92
39. J. Klayman Cue discovery in probabilistic environments: uncertainty and experimentation Learning, Memory, and Cognition 14 2 1988 317 330
40. K.J. Knapp, R. Franklin Morris Jr., T.E. Marshall, and T.A. Byrd Information security policy: an organizational-level process model Computers & Security 28 7 2009 493 508
41. D.A. Kolb Experiential learning: experience as the source of learning and development 1984 Prentice-Hall New York
42. S. Kraemer, P. Carayon, and J. Clem Human and organizational factors in computer and information security: pathways to vulnerabilities Computers & Security 28 7 2009 509 520
43. D. Liginlal, I. Sim, and L. Khansa How significant is human error as a cause of privacy breaches? An empirical study and a framework for error management Computers & Security 28 3-4 2009 215 228
44. N.A. Macmillan, and C.D. Creelman Detection theory: a user's guide 2005 Lawrence Erlbaum Associates New York
45. W.T. Maddox, and C.J. Bohil Base-rate and payoff effects in multidimensional perceptual categorization Journal of Experimental Psychology: Learning, Memory, and Cognition 24 6 1998 1459 1482 (Pubitemid 126528693)
46. I.J. Martinez-Moyano, E. Rich, and S. Conrad Exploring the detection process: integrating judgment and outcome decomposition Lecture Notes in Computer Science 3975 2006 701 703 (Pubitemid 44045644)
47. I.J. Martinez-Moyano, E. Rich, S. Conrad, D.F. Andersen, and T.R. Stewart A behavioral theory of insider-threat risks: a system dynamics approach ACM Transactions on Modeling Computer Simulation 18 2 2008 1 27
48. Martinez-Moyano IJ, Richardson GP. An Expert View of the System Dynamics Modeling Process: Concurrences and Divergences Searching for Best Practices in System Dynamics Modeling. Paper presented at the 20th International Conference of the System Dynamics Society, Palermo, Italy; 2002.
49. C. Melara, J.M. Sarriegui, J.J. Gonzalez, A. Sawicka, and D.L. Cooke A system dynamics model of an insider attack on an information system J.J. Gonzalez, From modeling to managing security: a system dynamics approach 2003 Høyskoleforlaget AS - Norwegian Academic Press Kristiansand, Norway 9 36
50. I. Newman, and C.R. Benz Qualitative-quantitative research methodology: exploring the interactive continuum 1998 Southern Illinois University Press Carbondale, IL
51. ® module to calculate summary statistics for historical fit, D-memo files vol. D-4584 1995 System Dynamics Group, MIT Cambridge, MA
52. R. Oliva Model calibration as a testing strategy for system dynamics models European Journal of Operational Research 151 3 2003 552 568
53. F. Palmieri, and U. Fiore Network anomaly detection through nonlinear analysis Computers & Security 29 7 2010 737 755
54. M.R. Randazzo, M.M. Keeney, E.F. Kowalski, D.M. Cappelli, and A.P. Moore Insider threat study: illicit cyber activity in the banking and finance sector: 25 2004 U.S. Secret Service and CERT Coordination Center/Software Engineering Institute
55. Rich E, Gonzalez J J. Maintaining security and safety in high-threat e-operations transitions. Paper presented at the 39th Hawaii International Conference on System Sciences, Hawaii; 2006.
56. Rich E, Martinez-Moyano, IJ, Conrad S, Moore AP, Cappelli DM, Shimeall TJ, Andersen DF, Gonzalez JJ, Ellison RJ, Lipson HF, Mundie DA, Sarriegui JM, Sawicka A, Stewart, TR, Torres JM, Weaver EA, Wiik J, Zagonel AA. Simulating insider cyber-threat risks: a model-based case and a case-based model. Paper presented at the International Conference of the System Dynamics Society, Cambridge, MA; 2005.
57. G.P. Richardson, and A.L. Pugh Introduction to system dynamics modeling 1989 Pegasus Communications, Inc Waltham
58. A.B. Ruighaver, S.B. Maynard, and S. Chang Organisational security culture: extending the end-user perspective Computers & Security 26 1 2007 56 62 (Pubitemid 46216497)
59. P.M. Senge The fifth discipline: the art and practice of the learning organization Revised ed 2006 Currency Doubleday New York, NY
60. J.D. Sterman Appropriate summary statistics for evaluating the historical fit of system dynamics models Dynamica 10 Winter 1984 51 66
61. J.D. Sterman Business dynamics: systems thinking and modeling for a complex world 2000 Irwin McGraw-Hill Boston, MA
62. T. Stewart Judgment analysis: procedures B. Brehmer, C.R.B. Joyce, Human judgment: the SJT view 1988 North-Holland Amsterdam
63. T.R. Stewart Uncertainty, judgment, and error in prediction D. Sarewitz, R.A. Pielke, R. Byerly, Prediction: science, decision making, and the future of nature 1st ed. 2000 Island Press Washington, D.C. 41 57
64. T.R. Stewart, and C.M. Lusk Seven components of judgmental forecasting skill: implications for research and the improvement of forecasts Journal of Forecasting 13 1994 579 599
65. J. Swets The science of choosing the right decision threshold in high-stakes diagnostics American Psychologist 47 4 1992 522 532
66. J.A. Swets The relative operating characteristic in psychology Science 182 4116 1973 990 1000
67. N.N. Taleb Fooled by randomness: the hiddent role of chance in life and in the markets 2nd ed. 2004 Random House Trade Paperbacks New York, NY
68. C. Vroom, and R. von Solms Towards information security behavioural compliance Computers & Security 23 3 2004 191 198
69. E. Weaver, and G.P. Richardson Threshold setting and the cycling of a decision threshold System Dynamics Review 22 1 2006 1 26
70. M. Workman A behaviorist perspective on corporate harassment online: Validation of a theoretical model of psychological motives Computers & Security 29 8 2010 831 839
71. G. Wu Anxiety and decision making with delayed resolution of uncertainty Theory and Decisions 46 1999 159 198 (Pubitemid 129575797)
72. M. Yu, and X.-Y. Zhou An adaptive method for anomaly detection in symmetric network traffic Computers & Security 26 6 2007 427 433 (Pubitemid 47268095)