{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,19]],"date-time":"2026-06-19T02:17:49Z","timestamp":1781835469567,"version":"3.54.5"},"reference-count":39,"publisher":"Informa UK Limited","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Journal of Management Information Systems"],"published-print":{"date-parts":[[2009,12]]},"DOI":"10.2753\/mis0742-1222260308","type":"journal-article","created":{"date-parts":[[2010,3,2]],"date-time":"2010-03-02T02:05:37Z","timestamp":1267495537000},"page":"241-274","source":"Crossref","is-referenced-by-count":57,"title":["Risks and Benefits of Signaling Information System Characteristics to Strategic Attackers"],"prefix":"10.1080","volume":"26","author":[{"given":"Marco","family":"Cremonini","sequence":"first","affiliation":[{"name":"a Department of Information Technology, University of Milan, Italy"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Dmitri","family":"Nizovtsev","sequence":"additional","affiliation":[{"name":"b Washburn University School of Business, Topeka, Kansas"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"301","published-online":{"date-parts":[[2014,12,8]]},"reference":[{"issue":"3","key":"1","doi-asserted-by":"crossref","first-page":"488","DOI":"10.2307\/1879431","article-title":"The market for \"lemons\": Quality uncertainty and market mechanism","volume":"84","author":"G. Akerlof","year":"1970","journal-title":"Quarterly Journal of Economics"},{"key":"2","doi-asserted-by":"crossref","first-page":"68","DOI":"10.1007\/978-3-540-74143-5_5","volume-title":"Advances in Cryptology\u2014CRYPTO 2007","author":"R. Anderson","year":"2007"},{"issue":"11","key":"3","doi-asserted-by":"crossref","first-page":"1703","DOI":"10.1287\/mnsc.1060.0568","article-title":"Network software security and user incentives","volume":"52","author":"T. August","year":"2006","journal-title":"Management Science"},{"key":"4","unstructured":"Avizienis, A.; Laprie, J.; and Randell, B. Fundamental concepts of dependability. Technical Report no. 01145, Laboratoire d'Analyse et d'Architecture des Systemes, Centre National de la Recherche Scientifique, Toulouse, France, 2001."},{"issue":"1","key":"5","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1109\/TDSC.2004.2","article-title":"Basic concepts and taxonomy of dependable and secure computing","volume":"1","author":"A. Avizienis","year":"2004","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"6","unstructured":"Baker, W. H.; Hylender, C. D.; and Valentine, J. A. 2008 data breach investigation report. Verizon Business Risk Team, New York, 2008 (available at <a target=\"_blank\" href='http:\/\/www.verizonbusiness.com\/resources\/security\/databreachreport.pdf'>www.verizonbusiness.com\/resources\/security\/databreachreport.pdf<\/a>"},{"issue":"3","key":"7","doi-asserted-by":"crossref","first-page":"385","DOI":"10.1086\/261880","article-title":"The economic way of looking at behavior","volume":"101","author":"G. Becker","year":"1993","journal-title":"Journal of Political Economy"},{"issue":"4","key":"8","doi-asserted-by":"crossref","first-page":"563","DOI":"10.1111\/j.1467-9779.2007.00320.x","article-title":"Choosing what to protect: Strategic defensive allocation against an unknown attacker","volume":"9","author":"V. Bier","year":"2007","journal-title":"Journal of Public Economic Theory"},{"issue":"3","key":"9","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1287\/deca.1040.0022","article-title":"Configuration of detection software: A comparison of decision and game theory approaches","volume":"1","author":"H. Cavusoglu","year":"2004","journal-title":"Decision Analysis"},{"issue":"7","key":"10","doi-asserted-by":"crossref","first-page":"87","DOI":"10.1145\/1005817.1005828","article-title":"A model for evaluating IT security investments","volume":"47","author":"H. Cavusoglu","year":"2004","journal-title":"Communications of the ACM"},{"issue":"1","key":"11","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1287\/isre.1050.0041","article-title":"The value of intrusion detection systems in information technology security architecture","volume":"16","author":"H. Cavusoglu","year":"2005","journal-title":"Information Systems Research"},{"issue":"2","key":"12","doi-asserted-by":"crossref","first-page":"281","DOI":"10.2753\/MIS0742-1222250211","article-title":"Decision theoretic and game-theoretic approaches to IT security investment","volume":"25","author":"H. Cavusoglu","year":"2008","journal-title":"Journal of Management Information Systems"},{"key":"13","article-title":"Understanding and influencing attackers' decisions: Implications for security investment strategies","author":"M. Cremonini","year":"2006"},{"key":"14","doi-asserted-by":"crossref","first-page":"119","DOI":"10.4324\/9780203500972.ch7","volume-title":"Researching Terrorism Trends, Achievements, Failures","author":"W. Enders","year":"2004"},{"key":"15","first-page":"375","article-title":"An inquiry into the nature and causes of the wealth of Internet miscreants","author":"J. Franklin","year":"2007"},{"issue":"4","key":"16","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1145\/581271.581274","article-title":"The economics of information security investment","volume":"5","author":"L. Gordon","year":"2002","journal-title":"ACM Transactions on Information and System Security"},{"key":"17","volume-title":"Managing Cybersecurity Resources: A Cost-Benefit Analysis","author":"L. Gordon","year":"2005"},{"issue":"6","key":"18","doi-asserted-by":"crossref","first-page":"629","DOI":"10.1016\/j.jaccpubpol.2006.09.001","article-title":"Income, interdependence, and substitution effects affecting incentives for security investment","volume":"25","author":"K. Hausken","year":"2006","journal-title":"Journal of Accounting and Public Policy"},{"issue":"2","key":"19","doi-asserted-by":"crossref","first-page":"856","DOI":"10.1016\/j.ejor.2007.02.013","article-title":"Strategic defense and attack for series and parallel reliability systems","volume":"186","author":"K. Hausken","year":"2008","journal-title":"European Journal of Operational Research"},{"issue":"4","key":"20","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1109\/32.588541","article-title":"A quantitative model of the security intrusion process based on attacker behavior","volume":"23","author":"E. Jonsson","year":"1997","journal-title":"IEEE Transactions on Software Engineering"},{"key":"21","volume-title":"Deterrence and Crime Prevention: Reconsidering the Prospect of Sanction","author":"D. Kennedy","year":"2008"},{"key":"22","unstructured":"Kiefer Peretti, K. Data breaches: What the underground world of \"carding\" reveals. Computer Crime and Intellectual Property Section, U. S. Department of Justice, Washington, DC, 2008 (available at <a target=\"_blank\" href='http:\/\/www.usdoj.gov\/criminal\/cybercrime\/DataBreachesArticle.pdf'>www.usdoj.gov\/criminal\/cybercrime\/DataBreachesArticle.pdf<\/a>"},{"issue":"2-3","key":"23","doi-asserted-by":"crossref","first-page":"231","DOI":"10.1023\/A:1024119208153","article-title":"Interdependent security","volume":"26","author":"H. Kuhnreuther","year":"2003","journal-title":"Journal of Risk and Uncertainty"},{"issue":"2","key":"24","first-page":"511","article-title":"The economics of computer hacking","volume":"1","author":"P. Leeson","year":"2006","journal-title":"Journal of Law, Economics and Policy"},{"issue":"3","key":"25","doi-asserted-by":"crossref","first-page":"211","DOI":"10.3233\/JCS-1993-22-308","article-title":"Towards operational measures of computer security","volume":"2","author":"B. Littlewood","year":"1993","journal-title":"Journal of Computer Security"},{"issue":"1","key":"26","doi-asserted-by":"crossref","first-page":"78","DOI":"10.1145\/1053283.1053288","article-title":"Incentive-based modeling and inference of attacker intent, objectives, and strategies","volume":"8","author":"P. Liu","year":"2005","journal-title":"ACM Transactions on Information and System Security"},{"key":"27","first-page":"119","article-title":"Attack-potential-based survivability modeling for high-consequence systems","author":"J. McDermott","year":"2005"},{"issue":"1","key":"28","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1109\/TDSC.2004.11","article-title":"Model-based evaluation: From dependability to security","volume":"1","author":"D. Nicol","year":"2004","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"issue":"2","key":"29","doi-asserted-by":"crossref","first-page":"274","DOI":"10.1145\/996943.996947","article-title":"Techniques and tools for analyzing intrusion alerts","volume":"7","author":"P. Ning","year":"2004","journal-title":"ACM Transactions on Information and System Security"},{"issue":"5","key":"30","doi-asserted-by":"crossref","first-page":"633","DOI":"10.1109\/32.815323","article-title":"Experiments with quantitative evaluation tools for monitoring operational security","volume":"25","author":"R. Ortalo","year":"1999","journal-title":"IEEE Transactions on Software Engineering"},{"issue":"2","key":"31","doi-asserted-by":"crossref","first-page":"125","DOI":"10.2753\/MIS0742-1222250206","article-title":"The deterrent and displacement effects of information security enforcement: International evidence","volume":"25","author":"I. Png","year":"2008","journal-title":"Journal of Management Information Systems"},{"issue":"3","key":"32","doi-asserted-by":"crossref","first-page":"671","DOI":"10.2307\/1912607","article-title":"A dynamic game of R&D: Patent protection and competitive behavior","volume":"50","author":"J. Reinganum","year":"1982","journal-title":"Econometrica"},{"key":"33","unstructured":"Schechter, S. E. Computer security strength and risk: A quantitative approach. Ph.D. dissertation, Division of Engineering and Applied Sciences, Harvard University, Cambridge, 2004."},{"key":"34","first-page":"122","article-title":"How much security is enough to stop a thief? The economics of outsider theft via computer systems and networks","author":"S. Schechter","year":"2003"},{"issue":"1","key":"35","first-page":"163","article-title":"A model for when disclosure helps security: What is different about computer and network security?","volume":"3","author":"P. Swire","year":"2004","journal-title":"Journal on Telecommunications and High Technology Law"},{"issue":"5","key":"36","first-page":"1333","article-title":"A theory of disclosure for security and competitive reasons: Open source, proprietary software, and government agencies","volume":"42","author":"P. Swire","year":"2006","journal-title":"Houston Law Review"},{"issue":"3","key":"37","doi-asserted-by":"crossref","first-page":"146","DOI":"10.1109\/TDSC.2004.21","article-title":"A comprehensive approach to intrusion detection alert correlation","volume":"1","author":"F. Valeur","year":"2004","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"issue":"2-3","key":"38","doi-asserted-by":"crossref","first-page":"1","DOI":"10.3233\/JCS-2000-82-305","article-title":"Fixed- vs. variable-length patterns for detecting suspicious process behavior","volume":"8","author":"A. Wespi","year":"2000","journal-title":"Journal of Computer Security"},{"issue":"1","key":"39","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/1210263.1210267","article-title":"Modeling network intrusion detection alerts for correlation","volume":"10","author":"J. Zhou","year":"2007","journal-title":"ACM Transactions on Information and System Security"}],"container-title":["Journal of Management Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.tandfonline.com\/doi\/pdf\/10.2753\/MIS0742-1222260308","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,2,26]],"date-time":"2019-02-26T23:32:29Z","timestamp":1551223949000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.tandfonline.com\/doi\/full\/10.2753\/MIS0742-1222260308"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009,12]]},"references-count":39,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2014,12,8]]},"published-print":{"date-parts":[[2009,12]]}},"alternative-id":["10.2753\/MIS0742-1222260308"],"URL":"https:\/\/doi.org\/10.2753\/mis0742-1222260308","relation":{},"ISSN":["0742-1222","1557-928X"],"issn-type":[{"value":"0742-1222","type":"print"},{"value":"1557-928X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009,12]]}}}