Issue No.06 - November/December (2011 vol.9)
pp: 20-28
Debin Liu, Websense
Ninghui Li, Purdue University
XiaoFeng Wang, Indiana University
L. Jean Camp, Indiana University
ABSTRACT
The authors propose an incentive-based access control (IBAC) that uses separate mechanisms for controlling aggregated risks and incentivizing users to reduce unnecessary risks. This mechanism encourages users to make necessary accesses while discouraging them from taking unnecessary risks. To achieve this, the authors introduce a novel incentive mechanism based on contract theory. They demonstrate that Nash equilibriums can be achieved in which users' optimal strategy is performing the risk-mitigation efforts to minimize their organization's risk; the authors' human-subject studies empirically confirm these theoretical results.
INDEX TERMS
Insider threat, access control, risk management, incentive engineering, human-subject experiment
CITATION
Debin Liu, Ninghui Li, XiaoFeng Wang, L. Jean Camp, "Security Risk Management Using Incentives", IEEE Security & Privacy, vol. 9, no. 6, pp. 20-28, November/December 2011, doi:10.1109/MSP.2011.99