Author

Mark Rounds

Bio: Mark Rounds is an academic researcher from the University of Idaho. The author has contributed to research in topics: Computer security model & Security information and event management. The author has an h-index of 4 and has co-authored 9 publications receiving 42 citations.

Papers
Proceedings ArticleDOI
29 Aug 2009
TL;DR: This paper is a literature review examining whether attacker motivations are homogenous or heterogeneous, part of an ongoing research effort to characterize system attackers with the goal of helping to mold policy decisions.
Abstract: Dealing with network security requires knowledge of the attacker. The question of attacker motivations is complex. This paper is a literature review examining whether attacker motivations are homogenous or heterogeneous. This is part of an ongoing research effort to characterize system attackers with the goal of helping to mold policy decisions.

13 citations

Journal ArticleDOI
TL;DR: A theoretically sound model linking student and system security characteristics to students' security behaviors is developed and presented, and the empirical results show that training to use security measures has no impact on students' security behaviors while experience with security does.
Abstract: Information systems administrators face a difficult balance between providing sufficient security to protect the organization's computing resources while not inhibiting the appropriate use of these resources. Striking this balance is particularly difficult in higher education due to the diversity of computer uses and users. This is accentuated by one large, diverse user group, namely students. To facilitate striking such a balance, a better understanding of students' motivations to use security measures is useful. A theoretically sound model linking student and system security characteristics to students' security behaviors is developed and presented in this paper. The model is operationalized using student responses to a web-based questionnaire. The empirical results show that training to use security measures has no impact on students' security behaviors while experience with security does. Furthermore, ease of security use positively impacts students' security behaviors through security self-efficacy. The influence of peers has similar impacts through security outcome expectancy.

10 citations

Journal ArticleDOI
TL;DR: Results suggest that the marginal value of additional security may be positive or negative as can the time rate of change of system value, and policy makers should be aware of where they are in the state space before setting IT security policy.
Abstract: The value of IS security is evaluated by simulating interactions between an information system, its users, and a population of attackers. Results suggest that the marginal value of additional security may be positive or negative as can the time rate of change of system value. This implies that IT security policy makers should be aware of where they are in the state space before setting IT security policy.

7 citations

Proceedings ArticleDOI
07 Jan 2013
TL;DR: Experimental work investigating the validity of the assumptions that attackers respond to changes in reward with an S-shaped curve and to changes in security with a declining S-shaped curve suggests that, in general, the assumptions are reasonable.
Abstract: In previous simulation studies, attackers were assumed to respond to changes in reward with an S shaped curve and to changes in security with a declining S shaped curve. This paper reports experimental work that investigates the validity of those assumptions. In general, the results suggest that the assumptions are reasonable.

4 citations

Proceedings ArticleDOI
18 Mar 2005
TL;DR: Simulation results suggest that the marginal value of additional security may be positive or negative as can the time rate of change of system value, and policy implications include the realization that IT security policy makers should be aware of their location in the state space before setting IT security policy.
Abstract: Determination of the actual value of security measures is an area currently undergoing scrutiny by many researchers. One method to determine this is to devise a simulation model that incorporates interactions between an information system, its users and a population of attackers. Initial simulation results suggest that the marginal value of additional security may be positive or negative as can the time rate of change of system value. Policy implications include the realization that IT security policy makers should be aware of their location in the state space before setting IT security policy.

4 citations


Cited by
Journal ArticleDOI
TL;DR: A model for customer relationship management (CRM) using iThink®, which incorporates the concept of system dynamics, which not only gives insights into the product development, but can also support the decisions related to marketing activities.
Abstract: This paper proposes a model for customer relationship management (CRM) using iThink®, which incorporates the concept of system dynamics. The proposed CRM model consists of module 1: a customer purchasing behavior model, module 2: a Markov chain model, and module 3: a financial returns model. By considering the marketing activities and product attractiveness to the customer, the probability that a customer will (re)purchase can be modeled in module 1. The probabilities are then fitted into module 2 for the calculation of customer lifetime value (CLV). The estimated CLV for each customer is inputted into module 3 to predict the firm's return on investment in the long term. By defining the parameters on the attractiveness of a product and on user responses from historical marketing campaigns, a firm can easily evaluate its business strategy from both marketing and product development perspectives, thereby refining those parameters and adopting the best strategy for creating customer value and yielding the maximum profit. A case study of a listed firm in Hong Kong is employed to illustrate our model, which not only gives insights into the product development, but can also support the decisions related to marketing activities.

67 citations

Journal ArticleDOI
TL;DR: A survey of online learning attempts to determine online learning providers’ awareness of potential security risks and the protection measures that will diminish them, using a combination of two methods: blog mining and a traditional literature search.
Abstract: This paper describes a survey of online learning which attempts to determine online learning providers’ awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have identified diverse security risks and have proposed solutions to mitigate the security threats in online learning, bloggers have not discussed security in online learning with great frequency. The differences shown in the survey results generated by the two different methods confirm that online learning providers and practitioners have not considered security as a top priority. The paper also discusses the next generation of an online learning system: a safer personal learning environment which requires a one-stop solution for authentication, assures the security of online assessments, and balances security and usability.

61 citations

Proceedings ArticleDOI
11 Jun 2018
TL;DR: Behavioral economics experiments are conducted to model the rationality of end-user security decision-making in a realistic online experimental system simulating a bank account, and it is shown theoretically that a "one-size-fits-all" emphasis on security can lead to market losses, but that adoption by a subset of users with higher risks or lower costs can lead to market gains.
Abstract: Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct behavioral economics experiments to model the rationality of end-user security decision-making in a realistic online experimental system simulating a bank account. We ask participants to make a financially impactful security choice, in the face of transparent risks of account compromise and benefits offered by an optional security behavior (two-factor authentication). We measure the cost and utility of adopting the security behavior via measurements of time spent executing the behavior and estimates of the participant's wage. We find that more than 50% of our participants made rational (e.g., utility optimal) decisions, and we find that participants are more likely to behave rationally in the face of higher risk. Additionally, we find that users' decisions can be modeled well as a function of past behavior (anchoring effects), knowledge of costs, and to a lesser extent, users' awareness of risks and context (R2=0.61). We also find evidence of endowment effects, as seen in other areas of economic and psychological decision-science literature, in our digital-security setting. Finally, using our data, we show theoretically that a "one-size-fits-all" emphasis on security can lead to market losses, but that adoption by a subset of users with higher risks or lower costs can lead to market gains.

37 citations

Journal ArticleDOI
TL;DR: The results showed that both ease of e-textbook use and verbal persuasion/social norm positively influence behavioral intentions to purchase an e-textbook through both self-efficacy and outcome expectancy/usefulness.
Abstract: Textbooks have played an important role in education for decades. Given the significant number of technology applications in education, it is not surprising that at least one such application is the electronic textbook (e-textbook). There are a variety of motivations to adopt an e-textbook, including frequent content updates and low costs. The research presented here examines students’ behavioral intentions to purchase an e-textbook when given the choice. The theoretical foundation of the research is provided by social cognitive theory. The data used in the empirical study were collected by distributing a questionnaire to students at a medium-sized university in the western United States. Student responses used in the analysis all reported prior use of an e-textbook. The model was estimated using a structural equations approach. The results showed that both ease of e-textbook use and verbal persuasion/social norm positively influence behavioral intentions to purchase an e-textbook through both self-efficacy and outcome expectancy/usefulness. Previous computer experience positively influences behavioral intentions to purchase an e-textbook only through self-efficacy. Based on these results, conclusions are provided.

32 citations

Proceedings ArticleDOI
TL;DR: In this article, behavioral economics experiments were conducted to model the rationality of end-user security decision-making in a realistic online experimental system simulating a bank account, where participants were asked to make a financially impactful security choice, in the face of transparent risks of account compromise and benefits offered by an optional security behavior (two-factor authentication).
Abstract: Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct behavioral economics experiments to model the rationality of end-user security decision-making in a realistic online experimental system simulating a bank account. We ask participants to make a financially impactful security choice, in the face of transparent risks of account compromise and benefits offered by an optional security behavior (two-factor authentication). We measure the cost and utility of adopting the security behavior via measurements of time spent executing the behavior and estimates of the participant's wage. We find that more than 50% of our participants made rational (e.g., utility optimal) decisions, and we find that participants are more likely to behave rationally in the face of higher risk. Additionally, we find that users' decisions can be modeled well as a function of past behavior (anchoring effects), knowledge of costs, and to a lesser extent, users' awareness of risks and context (R2=0.61). We also find evidence of endowment effects, as seen in other areas of economic and psychological decision-science literature, in our digital-security setting. Finally, using our data, we show theoretically that a "one-size-fits"-all emphasis on security can lead to market losses, but that adoption by a subset of users with higher risks or lower costs can lead to market gains.

27 citations