scispace - formally typeset
Search or ask a question
Proceedings ArticleDOI

A simulation model of IS security

18 Mar 2005-pp 172-177
TL;DR: Simulation results suggest that the marginal value of additional security may be positive or negative as can the time rate of change of system value, and policy implications include the realization that IT security policy makers should be aware of their location in the state space before setting ITSecurity policy.
Abstract: Determination of the actual value of security measures is an area currently undergoing scrutiny by many researchers. One method to determine this is to devise a simulation model that incorporates interactions between an information system, its users and a population of attackers. Initial simulation results suggest that the marginal value of additional security may be positive or negative as can the time rate of change of system value. Policy implications include the realization that IT security policy makers should be aware of their location in the state space before setting IT security policy.
Citations
More filters
Journal ArticleDOI
TL;DR: A model for customer relationship management (CRM) using iThink^(R), which incorporates the concept of system dynamics, which not only gives insights into the product development, but can also support the decisions related to marketing activities.
Abstract: This paper proposes a model for customer relationship management (CRM) using iThink^(R), which incorporates the concept of system dynamics. The proposed CRM model consists of module 1: a customer purchasing behavior model, module 2: a Markov chain model, and module 3: a financial returns model. By considering the marketing activities and product attractiveness to the customer, the probability that a customer will (re)purchase can be modeled in module 1. The probabilities are then fitted into module 2 for the calculation of customer lifetime value (CLV). The estimated CLV for each customer is inputted into module 3 to predict the firm's return on investment in the long term. By defining the parameters on the attractiveness of a product and on user responses from historical marketing campaigns, a firm can easily evaluate its business strategy from both marketing and product development perspectives, thereby refining those parameters and adopting the best strategy for creating customer value and yielding the maximum profit. A case study of a listed firm in Hong Kong is employed to illustrate our model, which not only gives insights into the product development, but can also support the decisions related to marketing activities.

67 citations

Proceedings ArticleDOI
29 Aug 2009
TL;DR: This paper is a literature review examining whether attacker motivations are homogenous or heterogeneous, part of an ongoing research effort to characterize system attackers with the goal of helping to mold policy decisions.
Abstract: --Dealing with network security requires knowledge of the attacker. The question of attacker motivations is complex. This paper is a literature review examining whether attacker motivations are homogenous or heterogeneous. This is part of an ongoing research effort to characterize system attackers with the goal of helping to mold policy decisions.

13 citations

Proceedings ArticleDOI
07 Jan 2013
TL;DR: Experimental work that investigates the validity of assumptions that attackers were assumed to respond to changes in reward and security with a declining S shaped curve suggests that the assumptions are reasonable.
Abstract: In previous simulation studies, attackers were assumed to respond to changes in reward with an S shaped curve and to changes in security with a declining S shaped curve. This paper reports experimental work that investigates the validity of those assumptions. In general, the results suggest that the assumptions are reasonable.

4 citations


Additional excerpts

  • ...Previous work [42] [43] [44] [45] has modeled the attacker/user relationship (Figure 1)....

    [...]

Proceedings ArticleDOI
29 Aug 2009
TL;DR: The interaction between an information system, its users, and a variable population of attackers is simulated, and passive defense proves efficacious against only some attacker types.
Abstract: —The interaction between an information system, its users, and a variable population of attackers is simulated. The attacker population grows according to one or more growth processes reflecting different attacker motivations. Passive defense proves efficacious against only some attacker types.

Cites background from "A simulation model of IS security"

  • ...Keywords-computer security; simulation I. INTRODUCTION This paper is part of a research program to develop a dynamic systems model of cyber attacks with the end of identifying useful policy implications....

    [...]

References
More filters
01 Jan 1989
TL;DR: Regression analyses suggest that perceived ease of use may actually be a causal antecdent to perceived usefulness, as opposed to a parallel, direct determinant of system usage.

40,975 citations

Journal ArticleDOI
TL;DR: In this article, the authors developed and validated new scales for two specific variables, perceived usefulness and perceived ease of use, which are hypothesized to be fundamental determinants of user acceptance.
Abstract: Valid measurement scales for predicting user acceptance of computers are in short supply. Most subjective measures used in practice are unvalidated, and their relationship to system usage is unknown. The present research develops and validates new scales for two specific variables, perceived usefulness and perceived ease of use, which are hypothesized to be fundamental determinants of user acceptance. Definitions of these two variables were used to develop scale items that were pretested for content validity and then tested for reliability and construct validity in two studies involving a total of 152 users and four application programs. The measures were refined and streamlined, resulting in two six-item scales with reliabilities of .98 for usefulness and .94 for ease of use. The scales exhibited hgih convergent, discriminant, and factorial validity. Perceived usefulness was significnatly correlated with both self-reported current usage r = .63, Study 1) and self-predicted future usage r = .85, Study 2). Perceived ease of use was also significantly correlated with current usage r = .45, Study 1) and future usage r = .59, Study 2). In both studies, usefulness had a signficnatly greater correaltion with usage behavior than did ease of use. Regression analyses suggest that perceived ease of use may actually be a causal antecdent to perceived usefulness, as opposed to a parallel, direct determinant of system usage. Implications are drawn for future research on user acceptance.

40,720 citations

Book
01 Jan 1962
TL;DR: A history of diffusion research can be found in this paper, where the authors present a glossary of developments in the field of Diffusion research and discuss the consequences of these developments.
Abstract: Contents Preface CHAPTER 1. ELEMENTS OF DIFFUSION CHAPTER 2. A HISTORY OF DIFFUSION RESEARCH CHAPTER 3. CONTRIBUTIONS AND CRITICISMS OF DIFFUSION RESEARCH CHAPTER 4. THE GENERATION OF INNOVATIONS CHAPTER 5. THE INNOVATION-DECISION PROCESS CHAPTER 6. ATTRIBUTES OF INNOVATIONS AND THEIR RATE OF ADOPTION CHAPTER 7. INNOVATIVENESS AND ADOPTER CATEGORIES CHAPTER 8. DIFFUSION NETWORKS CHAPTER 9. THE CHANGE AGENT CHAPTER 10. INNOVATION IN ORGANIZATIONS CHAPTER 11. CONSEQUENCES OF INNOVATIONS Glossary Bibliography Name Index Subject Index

38,750 citations

Journal ArticleDOI
TL;DR: A large number of studies have been conducted during the last decade and a half attempting to identify those factors that contribute to information systems success, but the dependent variable in these studies-I/S success-has been an elusive one to define.
Abstract: A large number of studies have been conducted during the last decade and a half attempting to identify those factors that contribute to information systems success. However, the dependent variable in these studies-I/S success-has been an elusive one to define. Different researchers have addressed different aspects of success, making comparisons difficult and the prospect of building a cumulative tradition for I/S research similarly elusive. To organize this diverse research, as well as to present a more integrated view of the concept of I/S success, a comprehensive taxonomy is introduced. This taxonomy posits six major dimensions or categories of I/S success-SYSTEM QUALITY, INFORMATION QUALITY, USE, USER SATISFACTION, INDIVIDUAL IMPACT, and ORGANIZATIONAL IMPACT. Using these dimensions, both conceptual and empirical studies are then reviewed a total of 180 articles are cited and organized according to the dimensions of the taxonomy. Finally, the many aspects of I/S success are drawn together into a descriptive model and its implications for future I/S research are discussed.

10,023 citations

Journal ArticleDOI
TL;DR: In fact, some common properties are shared by practically all legislation, and these properties form the subject matter of this essay as discussed by the authors, which is the basis for this essay. But, in spite of such diversity, some commonsense properties are not shared.
Abstract: Since the turn of the twentieth century, legislation in Western countries has expanded rapidly to reverse the brief dominance of laissez faire during the nineteenth century. The state no longer merely protects against violations of person and property through murder, rape, or burglary but also restricts ‘discrimination’ against certain minorities, collusive business arrangements, ‘jaywalking’, travel, the materials used in construction, and thousands of other activities. The activities restricted not only are numerous but also range widely, affecting persons in very different pursuits and of diverse social backgrounds, education levels, ages, races, etc. Moreover, the likelihood that an offender will be discovered and convicted and the nature and extent of punishments differ greatly from person to person and activity to activity. Yet, in spite of such diversity, some common properties are shared by practically all legislation, and these properties form the subject matter of this essay.

9,613 citations