Modeling behavioral considerations related to information security

Computers & Security - Volume 30 - Pages 397-409 - 2011
Ignacio J. Martinez-Moyano (1, 2), Stephen H. Conrad (3), David F. Andersen (4)
(1) Argonne National Laboratory, Decision and Information Sciences, 9700 South Cass Ave, Bldg 221/D-248, Argonne, IL 60439, USA
(2) University of Chicago, Chicago, IL, USA
(3) Sandia National Laboratories, USA
(4) University at Albany, Albany, NY, USA
