The authors describe a behavioral theory of the dynamics of insider-threat risks. Drawing on data related to information technology security violations and on a case study created to explain the dynamics observed in that data, the authors constructed a system dynamics model of a theory of the development of insider-threat risks and conducted numerical…
While many theoretical arguments against or in favor of open source and closed source software development have been presented, the empirical basis for the assessment of arguments and the development of models is still weak. Addressing this research gap, this paper presents the first comprehensive empirical investigation of published vulnerabilities and…
The growing reliance on technological infrastructures has made organizations increasingly vulnerable to threats from trusted employees, former employees, current or former contractors, and clients. Recent research indicates that successful defense from these threats depends on both technical and behavioral controls. In this paper, we report on our work to…
Remote voting through the Internet provides convenience and access to the electorate. At the same time, the security concerns facing any distributed application are magnified when the task is so crucial to democratic society. In addition, some of the electoral process loses transparency when it is encapsulated in information technology. In this paper, we…
In this paper, we present insights generated by modeling the emergence of insider threat vulnerabilities in organizations. In our model, we integrate concepts from social judgment theory, signal detection theory, and the cognitive psychology of memory and belief formation. With this model, we investigate the emergence of vulnerabilities (especially that are…
Information security researchers hypothesize that black markets exist for the trading of software vulnerabilities and zero-day exploits. Such markets would encourage the development and exploitation of vulnerabilities through direct attack, malware spread or extortion. It is hard to assess the presence of vulnerability black markets and their associated…