期刊文献+

平衡误差和扭曲的信息安全激励

Information security incentive balance between error and distortion
下载PDF
导出
摘要 应用多任务委托——代理模型,从全面信息安全绩效评估和技术方面工作的效果测评2个方面分析了对信息安全的激励效果,并用三角函数表示两者间的扭曲.对于全面信息安全绩效评估的误差较大,为了在激励中平衡误差和扭曲,提出综合两个方面进行激励的方法.随着信息安全风险评估的实施,全面信息安全绩效评估的误差将减少,激励中其所占比重必然加大.当信息安全水平足够成熟时,信息安全的激励可完全通过全面信息安全绩效评估来进行,实现信息安全工作效果和信息安全战略目标的精确校准,产生最优的信息安全激励效果. Based on the multi-task principal-agent model, the article focuses on the incentive effect to information security from performance estimation of full-scale information security and technological work. Trigonometric function is used to explain the distortion between the two aspects. Since the performance estimation of full-scale information security may produce serious error, the integration of these two aspects is proposed to balance the error and distortion in incentives. With the development of information security risk evaluation, the performance estimation error of full-scale information security may decrease. Thus, the proportion of full-scale information security may increase. When the information security level is mature enough, the incentive of information security will entirely depend on the performance estimation of full-scale information security, the accurate correlation of information security work effect and information security strategic aims will be achieved, and the best information security incentive effect will be produced.
出处 《东南大学学报(自然科学版)》 EI CAS CSCD 北大核心 2007年第5期940-944,共5页 Journal of Southeast University:Natural Science Edition
基金 国家自然科学基金资助项目(70671024)
关键词 信息安全 激励 多任务委托-代理 扭曲 information security incentives multi-task principal-agent distortion
  • 相关文献

参考文献11

  • 1Gordon L A,Loeb M P.A framework for using information security as a response to competitor analysis systems[J].Communications of the ACM,2001,44(9):70-75.
  • 2Cavusoglu H,Mishra B,Raghunathan S.A model for evaluating it security investments[J].Communications of the ACM,2004,47(7):87-92.
  • 3Gordon L A,Loeb M P.The economics of information security investment[J].ACM Transactions on Information and System Security,2002,5(4):438-457.
  • 4Ryan Julie J C H,Ryan Daniel J.Expected benefits of information security investments[J].Computers & Security,2006,25(8):579-588.
  • 5Ray B.Information lifecycle security risk assessment:a tool for closing security gaps[J].Computers & Security,2007,26(1):26-30.
  • 6Birman K.The next-generation internet:unsafe at any speed[J].IEEE Computer,2000,33(8):54-60.
  • 7Holmstrom B,Milgrom P.Muliti-task principal-agent problems:incentive contracts,asset ownership,and job design[J].Journal of Law,Economics and Organization,1991,7:24-52.
  • 8Baker G,Gibbons R,Murphy K.Subjective performance measures in optimal incentive contracts[J].Quarterly Journal of Economics,1994,11(109):1125-1156.
  • 9Baker G,Gibbons R,Murphy K.Relational contracts and the theory of the firm[J].Quarterly Journal of Economics,2002,117(1):39-84.
  • 10Lei Z.The value of security audits[D].America,the Graduate School of the University of Maryland,2004.

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部