Issue No.04 - July/August (2009 vol.7)
Jeffrey K. MacKie-Mason , University of Michigan
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.94
Security problems are incentives problems: we build defenses because people want to do things that (intentionally or inadvertently) cause harm. Yet, much research disregards systematic study of the motivations of smart, responsive, autonomous humans in the loop. Meanwhile, the maturing sciences of motivated behavior offer a growing body of theoretical, statistical, and laboratory evidence on systematic responses to motivations that can be incorporated in the system design toolkit. By adjusting incentives, it's sometimes possible to induce bad guys to stay out, encourage good guys to improve secure practices, and discourage otherwise good guys with system access from becoming delinquent.
S&P economics, incentive-centered design, information security, economics, security
Jeffrey K. MacKie-Mason, "Incentive-Centered Design for Security", IEEE Security & Privacy, vol.7, no. 4, pp. 80-83, July/August 2009, doi:10.1109/MSP.2009.94