Looking at information security through a prospect theory lens

Hina Arora; Paul Steinbart; Benjamin Shao

Looking at information security through a prospect theory lens

Hina Arora, Paul Steinbart, Benjamin Shao

Research output: Contribution to journal › Article › peer-review

Abstract

Traditional accounts of decision-making under uncertainty have taken the Von Neumann and Morgenstern approach of Expected Utility Theory that considers how decisions under uncertainty should be made. This prescriptive model states that, when faced with a choice, a rational decision maker will pick the prospect that offers the highest expected utility. But as has been demonstrated by Kahnemann and Tversky in Prospect Theory, decision-making under uncertainty often deviates from what Expected Utility Theory predicts, largely depending on whether the decision is framed as a gain or a loss. According to their model, choices framed as gains often lead to risk-averse behavior, and choices framed as losses often induce risk-seeking behavior. This paper reviews various theories of decision-making under uncertainty and evaluates the relevance of Prospect Theory in the information security context. An instrument is developed to evaluate relevance, preliminary results are presented, and implications for future research are discussed.

Original language	English (US)
Pages (from-to)	1242-1246
Number of pages	5
Journal	Unknown Journal
Volume	2
State	Published - 2006

Keywords

Information security
Prospect theory

ASJC Scopus subject areas

Computer Science Applications
Computer Networks and Communications
Library and Information Sciences
Information Systems

Cite this

@article{796e0f31539b499b83f83167c2b9c182,

title = "Looking at information security through a prospect theory lens",

abstract = "Traditional accounts of decision-making under uncertainty have taken the Von Neumann and Morgenstern approach of Expected Utility Theory that considers how decisions under uncertainty should be made. This prescriptive model states that, when faced with a choice, a rational decision maker will pick the prospect that offers the highest expected utility. But as has been demonstrated by Kahnemann and Tversky in Prospect Theory, decision-making under uncertainty often deviates from what Expected Utility Theory predicts, largely depending on whether the decision is framed as a gain or a loss. According to their model, choices framed as gains often lead to risk-averse behavior, and choices framed as losses often induce risk-seeking behavior. This paper reviews various theories of decision-making under uncertainty and evaluates the relevance of Prospect Theory in the information security context. An instrument is developed to evaluate relevance, preliminary results are presented, and implications for future research are discussed.",

keywords = "Information security, Prospect theory",

author = "Hina Arora and Paul Steinbart and Benjamin Shao",

year = "2006",

language = "English (US)",

volume = "2",

pages = "1242--1246",

journal = "Unknown Journal",

issn = "1878-7320",

publisher = "Scanning Microscopy International",

}

TY - JOUR

T1 - Looking at information security through a prospect theory lens

AU - Arora, Hina

AU - Steinbart, Paul

AU - Shao, Benjamin

PY - 2006

Y1 - 2006

N2 - Traditional accounts of decision-making under uncertainty have taken the Von Neumann and Morgenstern approach of Expected Utility Theory that considers how decisions under uncertainty should be made. This prescriptive model states that, when faced with a choice, a rational decision maker will pick the prospect that offers the highest expected utility. But as has been demonstrated by Kahnemann and Tversky in Prospect Theory, decision-making under uncertainty often deviates from what Expected Utility Theory predicts, largely depending on whether the decision is framed as a gain or a loss. According to their model, choices framed as gains often lead to risk-averse behavior, and choices framed as losses often induce risk-seeking behavior. This paper reviews various theories of decision-making under uncertainty and evaluates the relevance of Prospect Theory in the information security context. An instrument is developed to evaluate relevance, preliminary results are presented, and implications for future research are discussed.

AB - Traditional accounts of decision-making under uncertainty have taken the Von Neumann and Morgenstern approach of Expected Utility Theory that considers how decisions under uncertainty should be made. This prescriptive model states that, when faced with a choice, a rational decision maker will pick the prospect that offers the highest expected utility. But as has been demonstrated by Kahnemann and Tversky in Prospect Theory, decision-making under uncertainty often deviates from what Expected Utility Theory predicts, largely depending on whether the decision is framed as a gain or a loss. According to their model, choices framed as gains often lead to risk-averse behavior, and choices framed as losses often induce risk-seeking behavior. This paper reviews various theories of decision-making under uncertainty and evaluates the relevance of Prospect Theory in the information security context. An instrument is developed to evaluate relevance, preliminary results are presented, and implications for future research are discussed.

KW - Information security

KW - Prospect theory

UR - http://www.scopus.com/inward/record.url?scp=84870034168&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84870034168&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:84870034168

SN - 1878-7320

VL - 2

SP - 1242

EP - 1246

JO - Unknown Journal

JF - Unknown Journal

ER -

Looking at information security through a prospect theory lens

Abstract

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this