Trust and Fairness as Incentives for Compliance with Information Security Policies

6 Pages Posted: 27 Aug 2008

Alok Gupta

University of Minnesota - Twin Cities - Carlson School of Management

Dmitry Zhdanov

University of Connecticut - Department of Operations & Information Management

Date Written: 2006

Abstract

We consider the problem of enforcing compliance with information security policies in organizations in order to mitigate insider threat. We show that compliance with security policies may be enforced even for myopic, self-interested agents by providing them with proper economic incentives for compliance. Our approach includes several variations of a compliance game between the organization and its inside users in which a bonus is paid for compliance with security policies. We show that compliance may be sustained by emphasizing the continuous, repeated nature of security-related decisions. Alternatively, compliance is more likely to emerge when the costs and benefits of increased protection are shared in a fair manner. Our results emphasize the need to build trust between organizational entities, and suggest a way to determine the compliance bonus in a fair manner.

Suggested Citation

Gupta, Alok and Zhdanov, Dmitry, Trust and Fairness as Incentives for Compliance with Information Security Policies (2006). Proceedings of the 16th Workshop on Information Technologies and Systems, 2006, Available at SSRN: https://ssrn.com/abstract=1259331 or http://dx.doi.org/10.2139/ssrn.1259331

Alok Gupta

University of Minnesota - Twin Cities - Carlson School of Management

19th Avenue South
Minneapolis, MN 55455
United States

Dmitry Zhdanov (Contact Author)

University of Connecticut - Department of Operations & Information Management

2100 Hillside Rd
Unit 1041/OPIM
Storrs, CT 06269-2041
United States
