When Hackers Talk: Managing Information Security Under Variable Attack Rates and Knowledge Dissemination
Published Online:8 Apr 2011https://doi.org/10.1287/isre.1100.0341
References
- Windows of vulnerability: A case study analysis. Computer (2000) 33(3):52–59Google Scholar
- Optimal policy for software vulnerability disclosure. Management Sci. (2008) 54(4):642–656Link, Google Scholar
- Maintaining diagnositic knowledge-based systems, a control theoretic approach. Management Sci. (2009) 55(2):294–310Link, Google Scholar
- Induction over strategic agents. Inform. Systems Res. (2010) 21(1):170–189Link, Google Scholar
- Configuration of and interaction between information security technologies: The case of firewalls and intrusion detection systems. Inform. Systems Res. (2009) 20(2):198–217Link, Google Scholar
- Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network (2003) (Wiley Publishing, Indianapolis) Google Scholar
- Ernst & Young Moving beyond compliance. Ernst & Young's 2008 global information security survey. (2008) . Technical report. Ernst & Young. http://www.ey.com/Global/assets.nsf/International/TSRS_Global_Information_Security_Survey_2008/$file/TSRS_Global_Information_Security_Survey_2008.pdfGoogle Scholar
- Hacking for dollars. (2005) . CNET News. http://news.cnet.com/Hacking-for-dollars/2100-7349_3-5772238.htmlGoogle Scholar
- Sharing information on computer systems security: An economic analysis. J. Accounting Public Policy (2003) 22:461–485Crossref, Google Scholar
- Using attack graphs to design systems. IEEE Security Privacy (2007) 5(4):80–83Crossref, Google Scholar
- Imprivata PCI data security standard. (2007) . Imprivata. http://www.computerworld.com/pdfs/Imprivita_A_Pathway_to_PCI_Compliance.pdfGoogle Scholar
- Convergence. Inform. Security Tech. Rep. (2007) 12:69–110Crossref, Google Scholar
- A sociology of hackers. Sociol. Rev. (1998) 46(4):757–780Crossref, Google Scholar
- A data mining framework for building intrusion detection models. IEEE Sympos. Security and Privacy 01–20 (1999) IEEE Conference ProceedingsOakland, CAGoogle Scholar
- Adversarial classification. Proc. 2004 Internat. Sympos. Knowledge Discovery and Data Mining (KDD 2004) (2004) Seattle, WAGoogle Scholar
- Hacking Exposed: Network Security Secrets and Solutions (2005) (McGraw-Hill, Emeryville, CA) Google Scholar
- The Art of Deception (2002) (Wiley Publishing, Indianapolis) Google Scholar
- Guide to intrusion detection and prevention systems (idps). (2007) . Special Publication 800-30, National Institute of Standards and Technology (NIST), Technology Administration, U.S. Department of Commerce, http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdfGoogle Scholar
- Converting website visitors into buyers: How website investment increases consumer trusting beliefs and online purchase intentions. J. Marketing (2006) 70:133–148Crossref, Google Scholar
- Sophos Sophos security threat report 2008. (2008) . Technical report. http://www.rsaconference.com/uploadedFiles/RSA365/Security_Topics/Hackers_and_Threats/White_Papers/Sophos/sophos-security-report-08.pdfGoogle Scholar
- A decision analysis method for evaluating computer intrusion detection systems. Decision Anal. (2004) 1(1):35–50Link, Google Scholar
- United States Government Accountability Office (U.S. Govt.) Personal information: Data breaches are frequent, but evidence of resulting identity theft is limited; however, the full extent is unknown. (2007) . Technical report, http://www.gao.gov/new.items/d07737.pdfGoogle Scholar
- Intrusion prevention in information systems: Reactive and proactive response. J. Management Inform. Systems (2007) 24(1):329–353Crossref, Google Scholar
- Black market in stolen credit card data thrives on Internet. New York Times (2005) . http://www.nytimes.com/2005/06/21/technology/21data.htmlGoogle Scholar

