检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]扬州大学商学院,江苏扬州225127 [2]东南大学经济管理学院,江苏南京211100
出 处:《科研管理》2017年第12期165-172,共8页Science Research Management
基 金:国家自然科学基金资助项目(71071033);扬州大学人文社科研究基金项目(xjj2016-38)
摘 要:以IDSs和人工调查技术组合为例,通过构建博弈模型,分析了基于风险偏好的信息系统安全技术选择与配置策略,认为组织信息系统安全技术的选择与配置不仅受其自身风险偏好影响,同时还受黑客风险偏好影响。研究结论显示:组织在黑客期望收益很低时对风险厌恶型黑客的人工调查率更高,而在黑客期望收益很高时对风险中立型黑客的调查率更高;黑客在组织人工调查成本较低时更倾向于入侵风险中立型组织,在人工调查成本很高时更愿意入侵风险厌恶型组织;多IDSs的防护效率并非总是优于单IDS,组织在两者之间选择时取防护效率高者,而不受风险偏好影响。By taking the IDSs and manual investigation technology portfolio as the example and by constructing the game model,the selection and configuration of information system security technologies on the basis of risk preference was analyzed through a game model,considering that an organization's information system security technology strategy was not only influenced by its own risk preference,but also by the hacker's. The conclusions of this paper show us that organizations would investigate risk aversion hackers manually more than risk neutral ones when the hackers' expected revenues are very low,otherwise they would investigate risk neutral hackers manually more; hackers would intrude risk neutral organizations more probably when the costs of manual investigation are low,otherwise they would intrude risk aversion organizations more; the protective efficiency of deploying multiple IDSs is not always higher than deploying single one,and the technology portfolio with higher protective efficiency would be chosen by organizations,which is not influenced by risk preferences.
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.3