IDEAS home Printed from https://ideas.repec.org/a/spr/infosf/v19y2017i3d10.1007_s10796-015-9608-8.html
   My bibliography  Save this article

Organizational information security as a complex adaptive system: insights from three agent-based models

Author

Listed:
  • A. J. Burns

    (The University of Texas at Tyler)

  • Clay Posey

    (The University of Alabama)

  • James F. Courtney

    (Louisiana Tech University)

  • Tom L. Roberts

    (The University of Texas at Tyler)

  • Prabhashi Nanayakkara

    (University of Houston-Clear Lake)

Abstract

The management of information security can be conceptualized as a complex adaptive system because the actions of both insiders and outsiders co-evolve with the organizational environment, thereby leading to the emergence of overall security of informational assets within an organization. Thus, the interactions among individuals and their environments at the micro-level form the overall security posture at the macro-level. Additionally, in this complex environment, security threats evolve constantly, leaving organizations little choice but to evolve alongside those threats or risk losing everything. In order to protect organizational information systems and associated informational assets, managers are forced to adapt to security threats by training employees and by keeping systems and security procedures updated. This research explains how organizational information security can perhaps best be managed as a complex adaptive system (CAS) and models the complexity of IS security risks and organizational responses using agent-based modeling (ABM). We present agent-based models that illustrate simple probabilistic phishing problems as well as models that simulate the organizational security outcomes of complex theoretical security approaches based on general deterrence theory (GDT) and protection motivation theory (PMT).

Suggested Citation

  • A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 2017. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 19(3), pages 509-524, June.
    • Handle: RePEc:spr:infosf:v:19:y:2017:i:3:d:10.1007_s10796-015-9608-8
    DOI: 10.1007/s10796-015-9608-8
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10796-015-9608-8
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10796-015-9608-8?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. John H. Miller & Scott E. Page, 2007. "Social Science in Between, from Complex Adaptive Systems: An Introduction to Computational Models of Social Life," Introductory Chapters, in: Complex Adaptive Systems: An Introduction to Computational Models of Social Life, Princeton University Press.
    2. Herbert A. Simon, 1996. "The Sciences of the Artificial, 3rd Edition," MIT Press Books, The MIT Press, edition 1, volume 1, number 0262691914, April.
    3. Yu, Jiang, 1994. "Punishment celerity and severity: Testing a specific deterrence model on drunk driving recidivism," Journal of Criminal Justice, Elsevier, vol. 22(4), pages 355-366.
    4. John H. Miller & Scott E. Page, 2007. "Complexity in Social Worlds, from Complex Adaptive Systems: An Introduction to Computational Models of Social Life," Introductory Chapters, in: Complex Adaptive Systems: An Introduction to Computational Models of Social Life, Princeton University Press.
    5. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    6. Detmar W. Straub, 1990. "Effective IS Security: An Empirical Study," Information Systems Research, INFORMS, vol. 1(3), pages 255-276, September.
    7. Xiong Zhang & Alex Tsang & Wei T. Yue & Michael Chau, 2015. "The classification of hackers by knowledge exchange behaviors," Information Systems Frontiers, Springer, vol. 17(6), pages 1239-1251, December.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 0. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 0, pages 1-24.
    2. Jeffrey D. Wall & Prashant Palvia & John D’Arcy, 2022. "Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios," Information Systems Frontiers, Springer, vol. 24(2), pages 637-658, April.
    3. Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 2020. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 22(5), pages 1241-1264, October.
    4. A. J. Burns & Clay Posey & Tom L. Roberts, 2021. "Insiders’ Adaptations to Security-Based Demands in the Workplace: An Examination of Security Behavioral Complexity," Information Systems Frontiers, Springer, vol. 23(2), pages 343-360, April.
    5. Eunkyung Kweon & Hansol Lee & Sangmi Chai & Kyeongwon Yoo, 2021. "The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence," Information Systems Frontiers, Springer, vol. 23(2), pages 361-373, April.
    6. Obi M. Ogbanufe & Corey Baham, 2023. "Using Multi-Factor Authentication for Online Account Security: Examining the Influence of Anticipated Regret," Information Systems Frontiers, Springer, vol. 25(2), pages 897-916, April.
    7. Maurizio Cavallari, 2023. "Organizational Determinants and Compliance Behavior to Shape Information Security Plan," Academic Journal of Interdisciplinary Studies, Richtmann Publishing Ltd, vol. 12, November.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 0. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 0, pages 1-16.
    2. A. J. Burns & Tom L. Roberts & Clay Posey & Paul Benjamin Lowry & Bryan Fuller, 2023. "Going Beyond Deterrence: A Middle-Range Theory of Motives and Controls for Insider Computer Abuse," Information Systems Research, INFORMS, vol. 34(1), pages 342-362, March.
    3. Jurgen Spaanderman, 2018. "An urgent call to get better prepared for unexpected events," DNB Occasional Studies 1602, Netherlands Central Bank, Research Department.
    4. Hanappi, Hardy & Scholz-Waeckerle, Manuel, 2015. "Evolutionary Political Economy: Content and Methods," MPRA Paper 75447, University Library of Munich, Germany.
    5. Steve J. Bickley & Benno Torgler, 2021. "Behavioural Economics, What Have we Missed? Exploring “Classical” Behavioural Economics Roots in AI, Cognitive Psychology, and Complexity Theory," CREMA Working Paper Series 2021-21, Center for Research in Economics, Management and the Arts (CREMA).
    6. Dieguez Cameroni, F.J. & Terra, R. & Tabarez, S. & Bommel, P. & Corral, J. & Bartaburu, D. & Pereira, M. & Montes, E. & Duarte, E. & Morales Grosskopf, H., 2014. "Virtual experiments using a participatory model to explore interactions between climatic variability and management decisions in extensive grazing systems in the basaltic region of Uruguay," Agricultural Systems, Elsevier, vol. 130(C), pages 89-104.
    7. Citera, Emanuele & Sau, Lino, 2019. "Complexity, Conventions and Instability: the role of monetary policy," Department of Economics and Statistics Cognetti de Martiis. Working Papers 201924, University of Turin.
    8. Theodosio, Bruno Miller & Weber, Jan, 2023. "Back to the classics: R-evolution towards statistical equilibria," ifso working paper series 28, University of Duisburg-Essen, Institute for Socioeconomics (ifso).
    9. Jeffery S. McMullen & Dimo Dimov, 2013. "Time and the Entrepreneurial Journey: The Problems and Promise of Studying Entrepreneurship as a Process," Journal of Management Studies, Wiley Blackwell, vol. 50(8), pages 1481-1512, December.
    10. Gräbner, Claudius, 2016. "From realism to instrumentalism - and back? Methodological implications of changes in the epistemology of economics," MPRA Paper 71933, University Library of Munich, Germany.
    11. Niceto S. Poblador, 2011. "The Strategy Dilemma : Why Big Business Moves Seldom Pan Out as Planned," UP School of Economics Discussion Papers 201105, University of the Philippines School of Economics.
    12. repec:lib:000cis:v:5:y:2017:i:1:p:26-34 is not listed on IDEAS
    13. Flaminio Squazzoni, 2010. "The impact of agent-based models in the social sciences after 15 years of incursions," History of Economic Ideas, Fabrizio Serra Editore, Pisa - Roma, vol. 18(2), pages 197-234.
    14. Fuat Oğuz, 2020. "Hayekian complexity and the role of regulation in electricity markets," Economic Affairs, Wiley Blackwell, vol. 40(3), pages 406-418, October.
    15. Mykola Odrekhivskyi & Orysya Pshyk-Kovalska & Volodymyr Zhezhukha & Iryna Ivanochko, 2022. "Intelligent Management of Enterprise Business Processes," Mathematics, MDPI, vol. 11(1), pages 1-15, December.
    16. Salter, Alexander William & Tarko, Vlad, 2017. "Polycentric banking and macroeconomic stability," Business and Politics, Cambridge University Press, vol. 19(2), pages 365-395, June.
    17. Silva, Leiser & Hsu, Carol & Backhouse, James & McDonnell, Aidan, 2016. "Resistance and power in a security certification scheme: the case of c:cure," LSE Research Online Documents on Economics 68348, London School of Economics and Political Science, LSE Library.
    18. Chandra, Yanto & Wilkinson, Ian F., 2017. "Firm internationalization from a network-centric complex-systems perspective," Journal of World Business, Elsevier, vol. 52(5), pages 691-701.
    19. Sumantra Sarkar & Anthony Vance & Balasubramaniam Ramesh & Menelaos Demestihas & Daniel Thomas Wu, 2020. "The Influence of Professional Subculture on Information Security Policy Violations: A Field Study in a Healthcare Context," Information Systems Research, INFORMS, vol. 31(4), pages 1240-1259, December.
    20. Mengmeng Song & Joseph Ugrin & Man Li & Jinnan Wu & Shanshan Guo & Wenpei Zhang, 2021. "Do Deterrence Mechanisms Reduce Cyberloafing When It Is an Observed Workplace Norm? A Moderated Mediation Model," IJERPH, MDPI, vol. 18(13), pages 1-16, June.
    21. Paul Dragos Aligica & Vlad Tarko, 2014. "Institutional Resilience and Economic Systems: Lessons from Elinor Ostrom’s Work," Comparative Economic Studies, Palgrave Macmillan;Association for Comparative Economic Studies, vol. 56(1), pages 52-76, March.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:infosf:v:19:y:2017:i:3:d:10.1007_s10796-015-9608-8. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.