Organizational information security as a complex adaptive system: insights from three agent-based models |
| |
| Authors: | A J Burns Clay Posey James F Courtney Tom L Roberts Prabhashi Nanayakkara |
| |
| Affiliation: | 1.College of Business and Technology,The University of Texas at Tyler,Tyler,USA;2.Culverhouse College of Commerce,The University of Alabama,Tuscaloosa,USA;3.College of Business,Louisiana Tech University,Ruston,USA;4.College of Business,University of Houston-Clear Lake,Houston,USA |
| |
| Abstract: | The management of information security can be conceptualized as a complex adaptive system because the actions of both insiders and outsiders co-evolve with the organizational environment, thereby leading to the emergence of overall security of informational assets within an organization. Thus, the interactions among individuals and their environments at the micro-level form the overall security posture at the macro-level. Additionally, in this complex environment, security threats evolve constantly, leaving organizations little choice but to evolve alongside those threats or risk losing everything. In order to protect organizational information systems and associated informational assets, managers are forced to adapt to security threats by training employees and by keeping systems and security procedures updated. This research explains how organizational information security can perhaps best be managed as a complex adaptive system (CAS) and models the complexity of IS security risks and organizational responses using agent-based modeling (ABM). We present agent-based models that illustrate simple probabilistic phishing problems as well as models that simulate the organizational security outcomes of complex theoretical security approaches based on general deterrence theory (GDT) and protection motivation theory (PMT). |
| |
| Keywords: | |
| 本文献已被 SpringerLink 等数据库收录! |
|
