To share or not to share: A behavioral perspective on human participation in security information sharing
Détails
Télécharger: Mermoud19JoC.pdf (396.30 [Ko])
Etat: Public
Version: Final published version
Licence: Non spécifiée
Etat: Public
Version: Final published version
Licence: Non spécifiée
ID Serval
serval:BIB_B9A311F41F5F
Type
Article: article d'un périodique ou d'un magazine.
Collection
Publications
Institution
Titre
To share or not to share: A behavioral perspective on human participation in security information sharing
Périodique
Journal of Cybersecurity
ISSN
2057-2085
Statut éditorial
Publié
Date de publication
08/2019
Peer-reviewed
Oui
Volume
5
Numéro
1
Pages
1-13
Langue
anglais
Résumé
Security information sharing (SIS) is an activity whereby individuals exchange information that is relevant to analyze or prevent cybersecurity incidents. However, despite technological advances and increased regulatory pressure, individuals still seem reluctant to share security information. Few contributions have addressed this conundrum to date. Adopting an interdisciplinary approach, our study proposes a behavioral framework that theorizes how and why human behav- ior and SIS may be associated. We use psychometric methods to test these associations, analyzing a unique sample of human Information Sharing and Analysis Center members who share real se- curity information. We also provide a dual empirical operationalization of SIS by introducing the measures of SIS frequency and intensity. We find significant associations between human behavior and SIS. Thus, the study contributes to clarifying why SIS, while beneficial, is underutil- ized by pointing to the pivotal role of human behavior for economic outcomes. It therefore extends the growing field of the economics of information security. By the same token, it informs managers and regulators about the significance of human behavior as they propagate goal alignment and shape institutions. Finally, the study defines a broad agenda for future research on SIS.
Mots-clé
security information sharing, incentives, psychometrics, economics of information security, behavioural economics
Open Access
Oui
Création de la notice
04/06/2019 20:48
Dernière modification de la notice
01/09/2019 6:08