DocumentCode :
1289849
Title :
Security Risk Management Using Incentives
Author :
Liu, Debin ; Li, Ninghui ; Wang, XiaoFeng ; Camp, L. Jean
Volume :
9
Issue :
6
fYear :
2011
Firstpage :
20
Lastpage :
28
Abstract :
The authors propose an incentive-based access control (IBAC) that uses separate mechanisms for controlling aggregated risks and incentivizing users to reduce unnecessary risks. This mechanism encourages users to make necessary accesses while discouraging them from taking unnecessary risks. To achieve this, the authors introduce a novel incentive mechanism based on contract theory. They demonstrate that Nash equilibriums can be achieved in which users' optimal strategy is performing the risk-mitigation efforts to minimize their organization's risk; the authors' human-subject studies empirically confirm these theoretical results.
Keywords :
authorisation; game theory; risk management; Nash equilibrium; contract theory; incentive mechanism; incentive-based access control; organization risk; risk aggregation; risk mitigation effort; security risk management; unnecessary risks reduction; Access control; Contracts; Optimization; Privacy; Risk management; Insider threat; access control; human-subject experiment; incentive engineering; risk management;
fLanguage :
English
Journal_Title :
Security & Privacy, IEEE
Publisher :
ieee
ISSN :
1540-7993
Type :
jour
DOI :
10.1109/MSP.2011.99
Filename :
5975136