Degree Type
Dissertation
Date of Award
2017
Degree Name
Doctor of Philosophy
Department
Theses & dissertations (College of Business)
Major
Business and Technology
First Advisor
Elizabeth Hoffman
Second Advisor
Dan Zhu
Abstract
Information assets are one of the most valuable intangible productive capital for a company to compete with its rivals, to learn consumers’ shopping habits, to guide its development directions, and to standout to retain its profitability. However, with the Internet’s characteristic of pervasiveness, information breaches from both external hacking and internal corruption are continuously encroaching a company’s economic profit. This dissertation consists of three studies where each study investigates the different aspects of information security, and it is aimed to address the growing concern of securing a company’s information assets. The first study examines the external hackers’ behaviors and models a Bayesian game between a firm and two discrete types of hackers (domestic and international) based on the framework of Inspection Game. This study explains why external hackings, especially the international ones, are hard to prevent effectively. The second study is an empirical work and explores the other side of information security data breach, which is mainly due to insiders’ (e.g., employee) malicious deeds or noncompliance with information security policy. This study shows that individual reward and punishment together with 100% detection is the best incentive structure to reduce insider data breaches. In addition, the second study finds that individual reward is more effective than individual punishment, which can better explain why employees are more willing to spend time to comply with security policy when a reward is present. Lastly, the third study is a conceptual work and relies on the Theory of Bounded Rationality to discuss how the Blockchain technology can undermine the motivations of both external and internal intruders in order to prevent information breaches. Overall, this dissertation discusses the current issues of hacking, constructs a payment/incentive structure to regulate noncompliance, empirically tests the validity of the proposed structure, points out a solution to advance information security defense, and provides some managerial recommendations to practitioners.
DOI
https://doi.org/10.31274/etd-180810-5183
Copyright Owner
Yuanxiang Li
Copyright Date
2017
Language
en
File Format
application/pdf
File Size
161 pages
Recommended Citation
Li, Yuanxiang, "Information security research: External hacking, insider breach, and profound technologies" (2017). Graduate Theses and Dissertations. 15566.
https://lib.dr.iastate.edu/etd/15566
Included in
Behavioral Neurobiology Commons, Databases and Information Systems Commons, Economics Commons