Incentives for Human Agents to Share Security Information: a Model and an Empirical Test
Détails
Télécharger: Mermoud18WEIS.pdf (469.20 [Ko])
Etat: Public
Version: de l'auteur⸱e
Licence: Non spécifiée
Etat: Public
Version: de l'auteur⸱e
Licence: Non spécifiée
ID Serval
serval:BIB_9A5416D0FB60
Type
Actes de conférence (partie): contribution originale à la littérature scientifique, publiée à l'occasion de conférences scientifiques, dans un ouvrage de compte-rendu (proceedings), ou dans l'édition spéciale d'un journal reconnu (conference proceedings).
Collection
Publications
Institution
Titre
Incentives for Human Agents to Share Security Information: a Model and an Empirical Test
Titre de la conférence
Proceedings of the 17th Workshop on the Economics of Information Security (WEIS)
Adresse
Innsbruck, Austria
Statut éditorial
Publié
Date de publication
06/2018
Peer-reviewed
Oui
Langue
anglais
Résumé
In this paper, we investigate the role of incentives for Security Information Sharing (SIS)
between human agents working in institutions. We present an incentive-based SIS system model
that is empirically tested with an exclusive dataset. The data was collected with an online
questionnaire addressed to all participants of a deployed Information Sharing and Analysis
Center (ISAC) that operates in the context of critical infrastructure protection (N=262). SIS is
measured with a multidimensional approach (intensity, frequency) and regressed on five
specific predicators (reciprocity, value of information, institutional barriers, reputation, trust)
that are measured with psychometric scales. We close an important research gap by providing,
to the best of our knowledge, the first empirical analysis on previous theoretical work that
assumes SIS to be beneficial. Our results show that institutional barriers have a strong
influence on our population, i.e., SIS decision makers in Switzerland. This lends support to a
better institutional design of ISACs and the formulation of incentive-based policies that can
avoid non-cooperative and free-riding behaviours. Both frequency and intensity are influenced
by the extent to which decision makers expect to receive valuable information in return for SIS,
which supports the econometric structure of our multidimensional model. Finally, our policy
recommendations support the view that the effectiveness of mandatory security-breach
reporting to authorities is limited. Therefore, we suggest that a conducive and lightly regulated
SIS environment – as in Switzerland – with positive reinforcement and indirect suggestions can
“nudge” SIS decision makers to adopt a productive sharing behaviour.
between human agents working in institutions. We present an incentive-based SIS system model
that is empirically tested with an exclusive dataset. The data was collected with an online
questionnaire addressed to all participants of a deployed Information Sharing and Analysis
Center (ISAC) that operates in the context of critical infrastructure protection (N=262). SIS is
measured with a multidimensional approach (intensity, frequency) and regressed on five
specific predicators (reciprocity, value of information, institutional barriers, reputation, trust)
that are measured with psychometric scales. We close an important research gap by providing,
to the best of our knowledge, the first empirical analysis on previous theoretical work that
assumes SIS to be beneficial. Our results show that institutional barriers have a strong
influence on our population, i.e., SIS decision makers in Switzerland. This lends support to a
better institutional design of ISACs and the formulation of incentive-based policies that can
avoid non-cooperative and free-riding behaviours. Both frequency and intensity are influenced
by the extent to which decision makers expect to receive valuable information in return for SIS,
which supports the econometric structure of our multidimensional model. Finally, our policy
recommendations support the view that the effectiveness of mandatory security-breach
reporting to authorities is limited. Therefore, we suggest that a conducive and lightly regulated
SIS environment – as in Switzerland – with positive reinforcement and indirect suggestions can
“nudge” SIS decision makers to adopt a productive sharing behaviour.
Site de l'éditeur
Open Access
Oui
Création de la notice
08/04/2018 15:24
Dernière modification de la notice
20/08/2019 15:01