Determination of the actual value of security measures is an area currently undergoing scrutiny by many researchers. One method to determine this is to devise a simulation model that incorporates interactions between an information system, its users and a population of attackers. Initial simulation results suggest that the marginal value of additional security may be positive or negative as can the time rate of change of system value. Policy implications include the realization that IT security policy makers should be aware of their location in the state space before setting IT security policy.
Revised: October 26, 2010 |
Published: July 1, 2005
Citation
Pendegraft N., M. Rounds, and D.A. Frincke. 2005.A Simulation Model of IS Security. In Proceedings of the 43rd Annual Association for Computing Machinery Southeast Conference, 2, 172-177. New York, New York:The Association for Computing Machinery, Inc.PNNL-SA-45235.