
Improving information security management: An analysis of ID–password usage and a new login vulnerability measure

Author

Listed:
  • Bang, Youngsok
  • Lee, Dong-Joo
  • Bae, Yoon-Soo
  • Ahn, Jae-Hyeon

Abstract

Statistics show that the number of identity theft victims in the US increased by 12% in 2009, to 11.1 million adults, while the total annual fraud amount increased by 12.5%, to $54 billion. As the e-commerce volume is increasing and various online services are becoming more popular, the number of sites to which an average Internet user subscribes is increasing rapidly. Given the limited memory capacity of human beings, an Internet user's login credentials (in the form of a combination of a user ID and a password) are usually reused over multiple accounts, which can cause significant security problems. In this study, we address the vulnerability of login credentials. First, based on a unique Internet user data set, we analyze the behavioral characteristics of login credentials usage. We find that the same login credentials are used for many more accounts and reused much more often than previously expected. Furthermore, usage patterns are found to be quite skewed. Second, building on a network perspective of login credentials usage, we suggest a vulnerability measure of an individual's login credentials and analyze the vulnerability of current Internet users. The resulting information is valuable not only to the research community but also to managers and policy makers striving to reduce security vulnerability.

Suggested Citation

  • Bang, Youngsok & Lee, Dong-Joo & Bae, Yoon-Soo & Ahn, Jae-Hyeon, 2012. "Improving information security management: An analysis of ID–password usage and a new login vulnerability measure," International Journal of Information Management, Elsevier, vol. 32(5), pages 409-418.
  • Handle: RePEc:eee:ininma:v:32:y:2012:i:5:p:409-418
    DOI: 10.1016/j.ijinfomgt.2012.01.001

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0268401212000023
    Download Restriction: Full text for ScienceDirect subscribers only


    Citations


    Cited by:

    1. Pavía, Jose M. & Veres-Ferrer, Ernesto J. & Foix-Escura, Gabriel, 2012. "Credit card incidents and control systems," International Journal of Information Management, Elsevier, vol. 32(6), pages 501-503.
    2. Henriques de Gusmão, Ana Paula & Mendonça Silva, Maisa & Poleto, Thiago & Camara e Silva, Lúcio & Cabral Seixas Costa, Ana Paula, 2018. "Cybersecurity risk analysis model using fault tree analysis and fuzzy decision theory," International Journal of Information Management, Elsevier, vol. 43(C), pages 248-260.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. V. S. Prakash Attili & Saji K. Mathew & Vijayan Sugumaran, 2022. "Information Privacy Assimilation in IT Organizations," Information Systems Frontiers, Springer, vol. 24(5), pages 1497-1513, October.
    2. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 2017. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 19(3), pages 509-524, June.
    3. Silva, Leiser & Hsu, Carol & Backhouse, James & McDonnell, Aidan, 2016. "Resistance and power in a security certification scheme: the case of c:cure," LSE Research Online Documents on Economics 68348, London School of Economics and Political Science, LSE Library.
    4. Sumantra Sarkar & Anthony Vance & Balasubramaniam Ramesh & Menelaos Demestihas & Daniel Thomas Wu, 2020. "The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context," Information Systems Research, INFORMS, vol. 31(4), pages 1240-1259, December.
    5. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    6. Jack Shih-Chieh Hsu & Sheng-Pao Shih & Yu Wen Hung & Paul Benjamin Lowry, 2015. "The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness," Information Systems Research, INFORMS, vol. 26(2), pages 282-300, June.
    7. Mengmeng Song & Joseph Ugrin & Man Li & Jinnan Wu & Shanshan Guo & Wenpei Zhang, 2021. "Do Deterrence Mechanisms Reduce Cyberloafing When It Is an Observed Workplace Norm? A Moderated Mediation Model," IJERPH, MDPI, vol. 18(13), pages 1-16, June.
    8. J. Esquivel-Gómez & R. E. Balderas-Navarro & P. D. Arjona-Villicaña & P. Castillo-Castillo & O. Rico-Trejo & J. Acosta-Elias, 2017. "On the Emergence of Islands in Complex Networks," Complexity, Hindawi, vol. 2017, pages 1-10, January.
    9. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 0. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 0, pages 1-16.
    10. Yeşim Güney & Yetkin Tuaç & Olcay Arslan, 2017. "Marshall–Olkin distribution: parameter estimation and application to cancer data," Journal of Applied Statistics, Taylor & Francis Journals, vol. 44(12), pages 2238-2250, September.
    11. Gamannossi degl’Innocenti, Duccio & Rablen, Matthew D., 2020. "Tax evasion on a social network," Journal of Economic Behavior & Organization, Elsevier, vol. 169(C), pages 79-91.
    12. A. J. Burns & Tom L. Roberts & Clay Posey & Paul Benjamin Lowry & Bryan Fuller, 2023. "Going Beyond Deterrence: A Middle-Range Theory of Motives and Controls for Insider Computer Abuse," Information Systems Research, INFORMS, vol. 34(1), pages 342-362, March.
    13. Teo, Thompson S.H., 2012. "Knowledge management in client–vendor partnerships," International Journal of Information Management, Elsevier, vol. 32(5), pages 451-458.
    14. Fu, Jingcheng & Wu, Jianliang & Liu, Chuanjian & Xu, Jin, 2016. "Leaders in communities of real-world networks," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 444(C), pages 428-441.
    15. Eun Hee Park & Jongwoo Kim & Lynn Wiles, 2023. "The role of collectivism and moderating effect of IT proficiency on intention to disclose protected health information," Information Technology and Management, Springer, vol. 24(2), pages 177-193, June.
    16. Bryce Thomas & Raja Jurdak & Kun Zhao & Ian Atkinson, 2016. "Diffusion in Colocation Contact Networks: The Impact of Nodal Spatiotemporal Dynamics," PLOS ONE, Public Library of Science, vol. 11(8), pages 1-21, August.
    17. Claes Andersson & Koen Frenken & Alexander Hellervik, 2006. "A Complex Network Approach to Urban Growth," Environment and Planning A, vol. 38(10), pages 1941-1964, October.
    18. Qian Tang & Andrew B. Whinston, 2020. "Do Reputational Sanctions Deter Negligence in Information Security Management? A Field Quasi‐Experiment," Production and Operations Management, Production and Operations Management Society, vol. 29(2), pages 410-427, February.
    19. Simon Trang & Benedikt Brendel, 2019. "A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research," Information Systems Frontiers, Springer, vol. 21(6), pages 1265-1284, December.
    20. Patricia L. Moravec & Antino Kim & Alan R. Dennis, 2020. "Appealing to Sense and Sensibility: System 1 and System 2 Interventions for Fake News on Social Media," Information Systems Research, INFORMS, vol. 31(3), pages 987-1006, September.
