IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/vyid10.1007_s10796-015-9608-8.html
   My bibliography  Save this article

Organizational information security as a complex adaptive system: insights from three agent-based models

Author

Listed:
  • A. J. Burns

    (The University of Texas at Tyler)

  • Clay Posey

    (The University of Alabama)

  • James F. Courtney

    (Louisiana Tech University)

  • Tom L. Roberts

    (The University of Texas at Tyler)

  • Prabhashi Nanayakkara

    (University of Houston-Clear Lake)

Abstract

The management of information security can be conceptualized as a complex adaptive system because the actions of both insiders and outsiders co-evolve with the organizational environment, thereby leading to the emergence of overall security of informational assets within an organization. Thus, the interactions among individuals and their environments at the micro-level form the overall security posture at the macro-level. Additionally, in this complex environment, security threats evolve constantly, leaving organizations little choice but to evolve alongside those threats or risk losing everything. In order to protect organizational information systems and associated informational assets, managers are forced to adapt to security threats by training employees and by keeping systems and security procedures updated. This research explains how organizational information security can perhaps best be managed as a complex adaptive system (CAS) and models the complexity of IS security risks and organizational responses using agent-based modeling (ABM). We present agent-based models that illustrate simple probabilistic phishing problems as well as models that simulate the organizational security outcomes of complex theoretical security approaches based on general deterrence theory (GDT) and protection motivation theory (PMT).

Suggested Citation

  • A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 0. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 0, pages 1-16.
    • Handle: RePEc:spr:infosf:v::y::i::d:10.1007_s10796-015-9608-8
    DOI: 10.1007/s10796-015-9608-8
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-015-9608-8
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-015-9608-8?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. John H. Miller & Scott E. Page, 2007. "Social Science in Between, from Complex Adaptive Systems: An Introduction to Computational Models of Social Life," Introductory Chapters, in: Complex Adaptive Systems: An Introduction to Computational Models of Social Life, Princeton University Press.
    2. Detmar W. Straub, 1990. "Effective IS Security: An Empirical Study," Information Systems Research, INFORMS, vol. 1(3), pages 255-276, September.
    3. Xiong Zhang & Alex Tsang & Wei T. Yue & Michael Chau, 2015. "The classification of hackers by knowledge exchange behaviors," Information Systems Frontiers, Springer, vol. 17(6), pages 1239-1251, December.
    4. Herbert A. Simon, 1996. "The Sciences of the Artificial, 3rd Edition," MIT Press Books, The MIT Press, edition 1, volume 1, number 0262691914, December.
    5. Yu, Jiang, 1994. "Punishment celerity and severity: Testing a specific deterrence model on drunk driving recidivism," Journal of Criminal Justice, Elsevier, vol. 22(4), pages 355-366.
    6. John H. Miller & Scott E. Page, 2007. "Complexity in Social Worlds, from Complex Adaptive Systems: An Introduction to Computational Models of Social Life," Introductory Chapters, in: Complex Adaptive Systems: An Introduction to Computational Models of Social Life, Princeton University Press.
    7. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 0. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 0, pages 1-24.
    2. Robert E. Crossler & France Bélanger & Dustin Ormond, 2019. "The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats," Information Systems Frontiers, Springer, vol. 21(2), pages 343-357, April.
    3. Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 2020. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 22(5), pages 1241-1264, October.
    4. A. J. Burns & Clay Posey & Tom L. Roberts, 2021. "Insiders’ Adaptations to Security-Based Demands in the Workplace: An Examination of Security Behavioral Complexity," Information Systems Frontiers, Springer, vol. 23(2), pages 343-360, April.
    5. Eunkyung Kweon & Hansol Lee & Sangmi Chai & Kyeongwon Yoo, 2021. "The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence," Information Systems Frontiers, Springer, vol. 23(2), pages 361-373, April.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 2017. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 19(3), pages 509-524, June.
    2. A. J. Burns & Tom L. Roberts & Clay Posey & Paul Benjamin Lowry & Bryan Fuller, 2023. "Going Beyond Deterrence: A Middle-Range Theory of Motives and Controls for Insider Computer Abuse," Information Systems Research, INFORMS, vol. 34(1), pages 342-362, March.
    3. Steve J. Bickley & Benno Torgler, 2021. "Behavioural Economics, What Have we Missed? Exploring “Classical” Behavioural Economics Roots in AI, Cognitive Psychology, and Complexity Theory," CREMA Working Paper Series 2021-21, Center for Research in Economics, Management and the Arts (CREMA).
    4. Dieguez Cameroni, F.J. & Terra, R. & Tabarez, S. & Bommel, P. & Corral, J. & Bartaburu, D. & Pereira, M. & Montes, E. & Duarte, E. & Morales Grosskopf, H., 2014. "Virtual experiments using a participatory model to explore interactions between climatic variability and management decisions in extensive grazing systems in the basaltic region of Uruguay," Agricultural Systems, Elsevier, vol. 130(C), pages 89-104.
    5. Jurgen Spaanderman, 2018. "An urgent call to get better prepared for unexpected events," DNB Occasional Studies 1602, Netherlands Central Bank, Research Department.
    6. Hanappi, Hardy & Scholz-Waeckerle, Manuel, 2015. "Evolutionary Political Economy: Content and Methods," MPRA Paper 75447, University Library of Munich, Germany.
    7. Bier, Vicki & Gutfraind, Alexander, 2019. "Risk analysis beyond vulnerability and resilience – characterizing the defensibility of critical systems," European Journal of Operational Research, Elsevier, vol. 276(2), pages 626-636.
    8. Citera, Emanuele & Sau, Lino, 2019. "Complexity, Conventions and Instability: the role of monetary policy," Department of Economics and Statistics Cognetti de Martiis. Working Papers 201924, University of Turin.
    9. Theodosio, Bruno Miller & Weber, Jan, 2023. "Back to the classics: R-evolution towards statistical equilibria," ifso working paper series 28, University of Duisburg-Essen, Institute for Socioeconomics (ifso).
    10. Jeffery S. McMullen & Dimo Dimov, 2013. "Time and the Entrepreneurial Journey: The Problems and Promise of Studying Entrepreneurship as a Process," Journal of Management Studies, Wiley Blackwell, vol. 50(8), pages 1481-1512, December.
    11. Andrew W. Bausch, 2014. "Evolving intergroup cooperation," Computational and Mathematical Organization Theory, Springer, vol. 20(4), pages 369-393, December.
    12. Levent Yilmaz, 2011. "Toward Multi-Level, Multi-Theoretical Model Portfolios for Scientific Enterprise Workforce Dynamics," Journal of Artificial Societies and Social Simulation, Journal of Artificial Societies and Social Simulation, vol. 14(4), pages 1-2.
    13. Mark Lubell & Adam Douglas Henry & Mike McCoy, 2010. "Collaborative Institutions in an Ecology of Games," American Journal of Political Science, John Wiley & Sons, vol. 54(2), pages 287-300, April.
    14. Gräbner, Claudius, 2016. "From realism to instrumentalism - and back? Methodological implications of changes in the epistemology of economics," MPRA Paper 71933, University Library of Munich, Germany.
    15. Michael Rothgang & Jochen Dehio & Bernhard Lageman, 2019. "Analysing the effects of cluster policy: What can we learn from the German leading-edge cluster competition?," The Journal of Technology Transfer, Springer, vol. 44(6), pages 1673-1697, December.
    16. Christopher J. Burman & Marota Aphane, 2017. "Complex HIV/AIDS Landscapes: Reflections on How ‘Path Creation’ Influenced an Action-Oriented Intervention," Systemic Practice and Action Research, Springer, vol. 30(1), pages 45-66, February.
    17. Niceto S. Poblador, 2011. "The Strategy Dilemma : Why Big Business Moves Seldom Pan Out as Planned," UP School of Economics Discussion Papers 201105, University of the Philippines School of Economics.
    18. Martha G. Alatriste-Contreras & Martín Puchet Anyul, 2021. "The Spreading of Shocks in the North America Production Network and Its Relation to the Properties of the Network," Mathematics, MDPI, vol. 9(21), pages 1-19, November.
    19. repec:lib:000cis:v:5:y:2017:i:1:p:26-34 is not listed on IDEAS
    20. Flaminio Squazzoni, 2010. "The impact of agent-based models in the social sciences after 15 years of incursions," History of Economic Ideas, Fabrizio Serra Editore, Pisa - Roma, vol. 18(2), pages 197-234.
    21. Fuat Oğuz, 2020. "Hayekian complexity and the role of regulation in electricity markets," Economic Affairs, Wiley Blackwell, vol. 40(3), pages 406-418, October.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v::y::i::d:10.1007_s10796-015-9608-8. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.