research-article

Risk Homeostasis in Information Security: Challenges in Confirming Existence and Verifying Impact

Authors:
Karen Renaud

School of Arts, Media and Computer Games, Abertay University, Scotland, University of South Africa

School of Arts, Media and Computer Games, Abertay University, Scotland, University of South Africa
View Profile

,
Merrill Warkentin

College of Business, Mississippi State University, MS, USA

College of Business, Mississippi State University, MS, USA
View Profile

NSPW '17: Proceedings of the 2017 New Security Paradigms WorkshopOctober 2017Pages 57–69https://doi.org/10.1145/3171533.3171534

Published:01 October 2017Publication History

NSPW '17: Proceedings of the 2017 New Security Paradigms Workshop

Pages 57–69

ABSTRACT

The central premise behind risk homeostasis theory is that humans adapt their behaviors, based on external factors, to align with a personal risk tolerance level. In essence, this means that the safer or more secure they feel, the more likely it is that they will behave in a risky manner. If this effect exists, it serves to restrict the ability of risk mitigation techniques to effect improvements.

The concept is hotly debated in the safety area. Some authors agree that the effect exists, but also point out that it is poorly understood and unreliably predicted. Other re-searchers consider the entire concept fallacious. It is important to gain clarity about whether the effect exists, and to gauge its impact if such evidence can indeed be found.

In this paper we consider risk homeostasis in the context of information security. Similar to the safety area, information security could well be impaired if a risk homeostasis effect neutralizes the potential benefits of risk mitigation measures. If the risk homeostasis effect does indeed exist and does impact risk-related behaviors, people will simply elevate risky behaviors in response to feeling less vulnerable due to following security procedures and using protective technologies.

Here we discuss, in particular, the challenges we face in confirming the existence and impact of the risk homeostasis effect in information security, especially in an era of ethical research practice.

References

John Adams and Mayer Hillman. 2001. The risk compensation theory and bicycle helmets. Injury Prevention 7, 2 (2001), 89--91.Google ScholarCross Ref
John G U Adams. 1983. Public safety legislation and the risk compensation hypothesis: the example of motorcycle helmet legislation. Environment and Planning C: Government and Policy 1, 2 (1983), 193--203.Google ScholarCross Ref
Icek Ajzen. 2002. Perceived behavioral control, self-efficacy, locus of control, and the theory of planned behavior. Journal of Applied Social Psychology 32, 4 (2002), 665--683.Google ScholarCross Ref
Icek Ajzen. 2005. Attitudes, Personality, and Behavior. McGraw-Hill Education (UK), Berkshire, England.Google Scholar
Devdatta Akhawe and Adrienne Porter Felt. 2013. Alice in Warning-land: A Large-Scale Field Study of Browser Security Warning Effectiveness. In USENIX security symposium, Vol. 13. Google ScholarDigital Library
Robert M Arthur. 2011. Examining traffic flow and speed data: Determining imitative behavior. Traffic Injury Prevention 12, 3 (2011), 266--273.Google ScholarCross Ref
Lisa G Aspinwall and Susanne M Brunhart. 1996. Distinguishing optimism from denial: Optimistic beliefs predict attention to health threats. Personality and Social Psychology Bulletin 22, 10 (1996), 993--1003.Google ScholarCross Ref
David E Bell. 1985. Disappointment in decision making under uncertainty. Operations Research 33, 1 (1985), 1--27. Google ScholarDigital Library
Claude Bernard. 1879. Leçons sur les phénomènes de la vie commune aux animaux et aux végétaux. Baillière.Google Scholar
Wiebke Bleidorn, Christopher J Hopwood, and Richard E Lucas. 2016. Life Events and Personality Trait Change. Journal of Personality (2016).Google Scholar
Nils I Bohlin. 1967. A statistical analysis of 28,000 accident cases with emphasis on occupant restraint value. Technical Report. SAE Technical Paper.Google Scholar
Cristian Bravo-Lillo, Saranga Komanduri, Lorrie Faith Cranor, Robert W Reeder, Manya Sleeper, Julie Downs, and Stuart Schechter. 2013. Your attention please: designing security-decision UIs to make genuine risks harder to ignore. In Proceedings of the Ninth Symposium on Usable Privacy and Security. ACM, 6. Google ScholarDigital Library
Bonnie Brinton Anderson, Anthony Vance, C Brock Kirwan, David Eargle, and Jeffrey L Jenkins. 2016. How users perceive and respond to security messages: a NeuroIS research agenda and empirical study. European Journal of Information Systems 25, 4 (2016), 364--390.Google ScholarCross Ref
Wibecke Brun. 1992. Cognitive components in risk perception: Natural versus manmade risks. Journal of Behavioral Decision Making 5, 2 (1992), 117--132.Google ScholarCross Ref
John Chapin and JoAnn Chirico. 2001. Why It Won't Happen to Me: How Older Adolescents Make Personal Risk Assessments. In Annual Meeting of the National Communication Association (87th, Atlanta, GA). ERIC. November 1-4.Google Scholar
Vincent Covello and Peter M Sandman. 2001. Risk communication: evolution and revolution. Solutions to an Environment in Peril (2001), 164--178.Google Scholar
Sadie Creese, Duncan Hodges, Sue Jamison-Powell, and Monica Whitty. 2013. Relationships between password choices, perceptions of risk and security expertise. In International Conference on Human Aspects of Information Security, Privacy, and Trust. Springer, 80--89.Google ScholarCross Ref
Robert E Crossler, Allen C Johnston, Paul Benjamin Lowry, Qing Hu, Merrill Warkentin, and Richard Baskerville. 2013. Future directions for behavioral information security research. Computers & Security 32 (2013), 90--101.Google ScholarCross Ref
David G Curry, Robert D Quinn, David R Atkins, and Tage CG Carlson. 2004. Injuries & the Experienced Worker. Professional Safety 49, 9 (2004), 30--34.Google Scholar
Antonio Damasio and Hanna Damasio. 2016. Exploring the concept of homeostasis and considering its implications for economics. Journal of Economic Behavior & Organization 126 (2016), 125--129.Google ScholarCross Ref
Robyn M Dawes. 2001. Everyday irrationality: How pseudo-scientists, lunatics, and the rest of us systematically fail to think rationally. Westview Press, Boulder, CO.Google Scholar
Department of Health, Education, and Welfare. 1979. The Belmont Report. (1979). tps://www.hhs.gov/ohrp/regulations-and-policy/belmont-report/.Google Scholar
Mary Douglas. 1986. Risk acceptability according to the social sciences. Vol. 11. Russell Sage Foundation, USA.Google Scholar
Serge Egelman and Stuart Schechter. 2013. The importance of being earnest {in security warnings}. In International Conference on Financial Cryptography and Data Security. Springer, 52--59.Google ScholarCross Ref
Louise Eriksson. 2014. Risk perception and responses among private forest owners in Sweden. Small-Scale Forestry 13, 4 (2014), 483--500.Google ScholarCross Ref
Leonard Evans. 1986. Risk homeostasis theory and traffic accident data. Risk Analysis 6, 1 (1986), 81--94.Google ScholarCross Ref
Leonard Evans, Paul Wasielewski, and Calvin R Von Buseck. 1982. Compulsory seat belt usage and driver risk-taking behavior. Human Factors 24, 1 (1982), 41--48.Google ScholarCross Ref
Ezzat A Fattah. 1993. The rational choice/opportunity perspectives as a vehicle for integrating criminological and victimological theories. Routine Activity and Rational Choice: Advances in Criminological Theory 5 (1993), 225--258.Google Scholar
Martin Fishbein and Icek Ajzen. 1977. Belief, attitude, intention, and behavior: An introduction to theory and research. Addison-Wesley, Reading, MA.Google Scholar
Pamela Grimm. 2010. Social desirability bias. Wiley International Encyclopedia of Marketing (2010).Google Scholar
Brent Hagel and Willem Meeuwisse. 2004. Risk compensation: a "side effect" of sport injury prevention? Clinical Journal of Sport Medicine 14, 4 (2004), 193--196.Google ScholarCross Ref
Frank A Haight. 1986. Risk, especially risk of traffic accident. Accident Analysis & Prevention 18, 5 (1986), 359--366.Google ScholarCross Ref
Peter Harris. 2007. The impact of perceived experience on likelihood judgments for self and others: An experimental approach. European Journal of Social Psychology 37, 1 (2007), 141--151.Google ScholarCross Ref
James Hedlund. 2000. Risky business: safety regulations, risk compensation, and individual behavior. Injury Prevention 6, 2 (2000), 82--89.Google ScholarCross Ref
Thomas W Hoyes. 1992. Risk homeostasis theory in simulated environments. Ph.D. Dissertation. Aston University.Google Scholar
Thomas W Hoyes and Aleck Ian Glendon. 1993. Risk homeostasis: issues for future research. Safety Science 16, 1 (1993), 19--33.Google ScholarCross Ref
Thomas W Hoyes and Neville A Stanton. 1995. Testing risk homeostasis theory in a simulated process control task: implications for alarm reduction strategies. In Human Factors in Alarm Design. Taylor & Francis, Inc., 45--58. Google ScholarDigital Library
Thomas W Hoyes, Neville A Stanton, and RG Taylor. 1996. Risk homeostasis theory: A study of intrinsic compensation. Safety Science 22, 1 (1996), 77--86.Google ScholarCross Ref
Helmut Jungermann and Paul Slovic. 1993. Die Psychologie der Kognition und Evaluation von Risiko. In Risiko und Gesellschaft. Springer, 167--207.Google Scholar
Jeanne X Kasperson, Roger E Kasperson, Nick Pidgeon, and Paul Slovic. 2003. The social amplification of risk: assessing fifteen years of research and theory. The social amplification of risk 1 (2003), 13--46.Google Scholar
Wayne Derek Kearney. 2016. Risk homeostasis as a factor in information security. Ph.D. Dissertation. Computer Science, North West University.Google Scholar
Richard Kissel. 2013. NISTIR 7298 Revision 2. Glossary of Key Information Security Terms. (2013). nvlpubs.nist.gov/nistpubs/ir/2013/NIST.IR.7298r2.pdf.Google Scholar
Tapio Klen. 1997. Personal protectors and working behaviour of loggers. Safety Science 25, 1 (1997), 89--103.Google ScholarCross Ref
Fanny Lalonde Lévesque, Jude Nsiempba, José M Fernandez, Sonia Chiasson, and Anil Somayaji. 2013. A clinical study of risk factors related to malware infections. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, 97--108. Google ScholarDigital Library
John Leach. 2003. Improving user security behaviour. Computers & Security 22, 8 (2003), 685--692. Google ScholarDigital Library
James Lee Jr, Merrill Warkentin, Robert E Crossler, and Robert F Otondo. 2016. Implications of Monitoring Mechanisms on Bring Your Own Device Adoption. Journal of Computer Information Systems (2016), 1--10.Google Scholar
Huigang Liang and Yajiong Xue. 2009. Avoidance of information technology threats: a theoretical perspective. MIS Quarterly (2009), 71--90. Google ScholarDigital Library
Huigang Liang and Yajiong Xue. 2010. Understanding security behaviors in personal computer usage: A threat avoidance perspective. Journal of the Association for Information Systems 11, 7 (2010), 394.Google ScholarCross Ref
Maria Luisa Lima. 2004. On the influence of risk perception on mental health: living near an incinerator. Journal of environmental psychology 24, 1 (2004), 71--84.Google ScholarCross Ref
Robert L Linn, M Elizabeth Graue, and Nancy M Sanders. 1990. Comparing state and district test results to national norms: The validity of claims that "everyone is above average". Educational Measurement: Issues and Practice 9, 3 (1990), 5--14.Google ScholarCross Ref
Graham Loomes and Robert Sugden. 1982. Regret theory: An alternative theory of rational choice under uncertainty. The Economic Journal 92, 368 (1982), 805--824.Google ScholarCross Ref
Adrian K Lund and Paul Zador. 1984. Mandatory belt use and driver risk taking. Risk Analysis 4, 1 (1984), 41--53.Google ScholarCross Ref
John Thompson MacCurdy 1943. The Structure of Morale. Cambridge University Press, New York.Google Scholar
Joseph E McGrath. 1995. Methodology matters: Doing research in the behavioral and social sciences. In Readings in Human-Computer Interaction: Toward the Year 2000 (2nd ed). Citeseer, San Francisco. Google ScholarDigital Library
Frank P McKenna. 1985. Do safety measures really work? An examination of risk homoeostasis theory. Ergonomics 28, 2 (1985), 489--498.Google ScholarCross Ref
Frank P McKenna. 1987. Behavioural compensation and safety. Journal of Occupational Accidents 9, 2 (1987), 107--121.Google ScholarCross Ref
Qing Miao and David Popp. 2014. Necessity as the mother of invention: Innovative responses to natural disasters. Journal of Environmental Economics and Management 68, 2 (2014), 280--295.Google ScholarCross Ref
Stanley Milgram. 1963. Behavioral Study of obedience. The Journal of Abnormal and Social Psychology 67, 4 (1963), 371--378.Google ScholarCross Ref
Arwen Mohun. 2012. Risk:Negotiating Safety in American Society. JHU Press.Google Scholar
Richard E Nisbett and Timothy D Wilson. 1977. The halo effect: Evidence for unconscious alteration of judgments. Journal of Personality and Social Psychology 35, 4(1977), 250--256.Google ScholarCross Ref
Fran H Norris, Tenbroeck Smith, and Krzysztof Kaniasty. 1999. Revisiting the experience-behavior hypothesis: the effects of hurricane Hugo on hazard preparedness and other self-protective acts. Basic and Applied Social Psychology 21, 1 (1999), 37--47.Google Scholar
Brian O'Neill, Adrian K Lund, Paul Zador, and Steve Ashton. 1985. Mandatory belt use and driver risk taking: An empirical evaluation of the risk-compensation hypothesis. In Human Behavior and Traffic Safety. Springer, 93--118.Google Scholar
Brian O'Neill and Allan Williams. 1998. Risk homeostasis hypothesis: A rebuttal. Injury Prevention 4, 2 (1998), 92--93.Google ScholarCross Ref
Jan E Paradise, Jennifer Cote, Sara Minsky, Ana Lourenco, and Jonathan Howland. 2001. Personal values and sexual decision-making among virginal and sexually experienced urban adolescent girls. Journal of Adolescent Health 28, 5 (2001), 404--409.Google ScholarCross Ref
Malcolm R Pattinson, Marcus A Butavicius, Kathryn Parsons, Agata McCormac, and Cate Jerram. 2015. Examining Attitudes toward Information Security Behaviour using Mixed Methods.. In International Symposium on Human Aspects of Information Security & Assurance. Lesvos, Greece, 57--70.Google Scholar
Rebecca Pedruzzi and Anne Swinbourne. 2009. "It won't happen to me:" optimism, biases, and recall of road-risk information. In Proceedings of the Australian College of Road Safety Conference. Perth, WA, Australia, 1--12.Google Scholar
Sam Pelzman. 1975. The Effects of Automobile Safety Regulation. Journal of Political Economy 83, 4 (1975), 677--726.Google ScholarCross Ref
Colin Powell. 2007. The perception of risk and risk taking behavior: Implications for incident prevention strategies. Wilderness and Environmental Medicine 18, 1 (2007), 10--15.Google ScholarCross Ref
James O Prochaska, Carlo C DiClemente, and John C Norcross. 1992. In search of how people change: Applications to addictive behaviors. American Psychologist 47, 9 (1992), 1102.Google ScholarCross Ref
Kelvin Redolfo. 2000. What is homeostasis? Scientific American (January 2000).Google Scholar
D Runcie and DA Seaver. 1991. Inadequate Self-Discipline as a Causal Factor in Human Error Accidents. Technical Report. DTIC Document.Google Scholar
Scott Ruoti, Tyler Monson, Justin Wu, Daniel Zappala, and Kent Seamons. 2017. Weighing Context and Trade-offs: How Suburban Adults Selected Their Online Security Posture. In Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017). USENIX Association, 211--228.Google Scholar
Fridulv Sagberg, Stein Fosser, and Inger-Anne F Sætermo. 1997. An investigation of behavioural adaptation to airbags and antilock brakes among taxi drivers. Accident Analysis & Prevention 29, 3 (1997), 293--302.Google ScholarCross Ref
Thomas Schlösser, David Dunning, and Detlef Fetchenhauer. 2013. What a feeling: the role of immediate and anticipated emotions in risky decisions. Journal of Behavioral Decision Making 26, 1 (2013), 13--30.Google ScholarCross Ref
USA Homeland Security. 2012. The Menlo Report. (2012).Google Scholar
Herbert A Simon. 1957. Models of Man; Social and Rational. Wiley, New York.Google Scholar
Lennart Sjöberg. 2000. Factors in risk perception. Risk analysis 20, 1 (2000), 1--12.Google Scholar
Lennart Sjöberg, Bjørg-Elin Moen, and Torbjørn Rundmo. 2004. Explaining risk perception. An evaluation of the psychometric paradigm in risk perception research. (2004). Rotunde publikasjoner. Norwegian University of Science and Technology, Department of Psychology.Google Scholar
P Slovic. 1987. Perception of Risk. Science 236, 4799 (1987), 280--5.Google Scholar
Paul Slovic. 1992. Perception of risk: Reflections on the psychometric paradigm. In D. Golding and S. Krimsky (Eds.), Theories of Risk. New York: Praeger.Google Scholar
Paul Slovic, Melissa L Finucane, Ellen Peters, and Donald G MacGregor. 2004. Risk as analysis and risk as feelings: Some thoughts about affect, reason, risk, and rationality. Risk Analysis 24, 2 (2004), 311--322.Google ScholarCross Ref
Paul Slovic, Baruch Fischhoff, and Sarah Lichtenstein. 1986. The psychometric study of risk perception. In Risk evaluation and management. Springer, 3--24.Google Scholar
Adam Smith. 2010. The theory of moral sentiments. Penguin.Google Scholar
J Spring, T Moore, and D Pym. 2017. Practicing a Science of Security. In New Security Paradigms Workshop (NSPW). Santa Cruz, USA. October. Google ScholarDigital Library
Diederik A Stapel and Aart S Velthuijsen. 1996. "Just as if it happened to me": The impact of vivid and self-relevant information on risk judgments. Journal of Social and Clinical Psychology 15, 1 (1996), 102--119.Google ScholarCross Ref
Fredrick M Streff and E Scott Geller. 1988. An experimental test of risk compensation: Between-subject versus within-subject analyses. Accident Analysis & Prevention 20, 4 (1988), 277--287.Google ScholarCross Ref
Heikki Summala. 1996. Accident risk and driver behaviour. Safety Science 22, 1 (1996), 103--117.Google ScholarCross Ref
Wayne C Summers and Edward Bosworth. 2004. Password policy: the good, the bad, and the ugly. In Proceedings of the Winter International Symposium on Information and Communication Technologies. Trinity College Dublin, 1--6. Google ScholarDigital Library
SıdıkaTekeli-Yeşil, Necati Dedeoğlu, Charlotte Braun-Fahrlaender, and Marcel Tanner. 2010. Factors motivating individuals to take precautionary action for an expected earthquake in Istanbul. Risk Analysis 30, 8 (2010), 1181--1195.Google ScholarCross Ref
Ulrich Tränkle and Christhard Gelau. 1992. Maximization of subjective expected utility or risk control? Experimental tests of risk homeostasis theory. Ergonomics 35, 1 (1992), 7--23.Google ScholarCross Ref
Rüdiger M Trimpop. 1996. Risk homeostasis theory: problems of the past and promises for the future. Safety Science 22, 1 (1996), 119--130.Google ScholarCross Ref
Alison G Vredenburgh and H Harvey Cohen. 1995. High-risk recreational activities: skiing and scuba --- what predicts compliance with warnings. International Journal of Industrial Ergonomics 15, 2 (1995), 123--128.Google ScholarCross Ref
Merrill Warkentin, Robert E Crossler, and Nirmalee Malimage. 2012. Are You Sure You're Safe? Perceived Security Protection as an Enabler of Risky IT Behavior. In Proceedings of the 2012 International Federation of Information Processing (IFIP) International Workshop on Information Systems Security Research, Dewald Roode Information Security Workshop.Google Scholar
Merrill Warkentin, Allen C Johnston, Eric Walden, and Detmar William Straub. 2016. Neural Correlates of Protection Motivation for Secure IT Behaviors: An fMRI Examination. Journal of the Association for Information Systems 17, 3 (2016), 194--215.Google ScholarCross Ref
Merrill Warkentin, Zhengchuan Xu, and Leigh A. Mutchler. 2013. I'm Safer than You: The Role of Optimism Bias in Personal IT Risk Assessments. In Proceedings of 2013 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop, Niagara, NY, October.Google Scholar
Rick Wash and Emilee J Rader. 2015. Too Much Knowledge? Security Beliefs and Protective Behaviors Among United States Internet Users. In SOUPS. 309--325.Google Scholar
Neil D Weinstein. 1989. Effects of personal experience on self-protective behavior. Psychological Bulletin 105, 1 (1989), 31--50.Google ScholarCross Ref
Ryan West. 2008. The psychology of security. Commun. ACM 51, 4 (2008), 34--40. Google ScholarDigital Library
Gerald JS Wilde. 1982. The theory of risk homeostasis: implications for safety and health. Risk Analysis 2, 4 (1982), 209--225.Google ScholarCross Ref
Gerald JS Wilde, Stephen P Claxton-Oldfield, and Peter H Platenius. 1985. Risk homeostasis in an experimental context. In Human Behavior and Traffic Safety. Springer, 119--149.Google Scholar
Gerald J S Wilde. 1985. Assumptions necessary and unnecessary to risk homoeostasis. Ergonomics 28, 11 (1985), 1531--1538.Google ScholarCross Ref
Jie Zhang, Brian J Reithel, and Han Li. 2009. Impact of perceived technical protection on security behaviors. Information Management & Computer Security 17, 4 (2009), 330--340.Google ScholarCross Ref
Philip G Zimbardo. 1972. Comment: Pathology of imprisonment. Society 9, 6 (1972), 4--8.Google ScholarCross Ref
Gregory D Zimet, Marcia L Shew, and Jessica A Kahn. 2008. Appropriate use of cervical cancer vaccine. Annual Review Medicine 59 (2008), 223--236.Google ScholarCross Ref

Index Terms

Risk Homeostasis in Information Security: Challenges in Confirming Existence and Verifying Impact
1. General and reference
  1. Cross-computing tools and techniques
    1. Empirical studies
2. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Social aspects of security and privacy

Recommendations

On risk: perception and direction

The idea of risk permeates the information security field. We use terms like ''risk management'', ''risk assessment'', ''risk model'' and ''risk analysis'' every day, and those topics are themselves the subject of countless papers and articles in ...
Read More
Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis
Read More
Rethinking risk-based information security
InfoSecCD '07: Proceedings of the 4th annual conference on Information security curriculum development

Risk assessment in the insurance and financial industries use processes and empirical data created specifically for their needs. The risk assessment processes used by IT and information security (InfoSec) risk management do not work as well. The ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in

NSPW '17: Proceedings of the 2017 New Security Paradigms Workshop
October 2017
138 pages
ISBN:9781450363846
DOI:10.1145/3171533

Copyright © 2017 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 October 2017
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Challenges
Risk Homeostasis
Qualifiers
- research-article
- Research
- Refereed limited
Conference

Acceptance Rates
Overall Acceptance Rate62of170submissions,36%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 10
  Total Citations
  View Citations
- 201
  Total Downloads
- Downloads (Last 12 months)21
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Risk Homeostasis in Information Security: Challenges in Confirming Existence and Verifying Impact

NSPW '17: Proceedings of the 2017 New Security Paradigms Workshop

ABSTRACT

References

Cited By

Index Terms

Recommendations

On risk: perception and direction

Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis

Rethinking risk-based information security

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Risk Homeostasis in Information Security: Challenges in Confirming Existence and Verifying Impact

NSPW '17: Proceedings of the 2017 New Security Paradigms Workshop

ABSTRACT

References

Cited By

Index Terms

Recommendations

On risk: perception and direction

Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis

Rethinking risk-based information security

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media