Understanding Security Vulnerability Awareness, Firm Incentives, and ICT Development in Pan-Asia
Journal of Management Information Systems (IF 7.7), Pub Date: 2020-07-02, DOI: 10.1080/07421222.2020.1790185
Yunhui Zhuang, Yunsik Choi, Shu He, Alvin Chung Man Leung, Gene Moo Lee, Andrew Whinston

ABSTRACT This paper investigates how the awareness of a security vulnerability index affects firms’ security protection strategy and how the information awareness effect interacts with firm incentives and country-wide information technology (IT) development level. The security index is constructed based on outgoing spams and phishing website hosting, which may serve as an indicator of a firm’s security controls. To study whether security vulnerability awareness causes firms to improve their security, we conducted a randomized field experiment on 1,262 firms in six Pan-Asian countries and regions. Among 631 randomly selected treated firms, we alerted them of their security vulnerability index and their relative rankings compared to their peers via advisory emails and websites. Difference-in-differences analyses show that compared with the controls, the treated firms improve their security over time, with a statistically significant reduction of outgoing spam volume according to one of the data sources but not phishing website hosting. However, a statistically significant reduction in phishing website hosting was observed among non-web hosting firms, suggesting that firms’ underlying incentives play an important role in the treatment effect. Lastly, exploiting the multi-country nature of the data, we found that firms in countries with high information and communications technology (ICT) development are more responsive to our intervention because they have higher IT capabilities and more resources to resolve security issues. Our study provides cybersecurity policymakers with useful insights on how firm incentives and ICT environments play roles in firms’ security measure adoption.

