Perverse Effects in Defense of Computer Systems: When More Is Less
Publication type:
Article
Author:
Wolff, Josephine
Affiliation:
Rochester Institute of Technology
Journal:
JOURNAL OF MANAGEMENT INFORMATION SYSTEMS
ISSN/ISBN:
0742-1222
DOI:
10.1080/07421222.2016.1205934
Publication date:
2016
Pages:
597-620
Keywords:
information-systems
security
organizations
violations
advantage
Abstract:
With computer security spending on the rise, organizations seem to have accepted the notion that buying more, and more expensive, defenses allows them to better protect their computer systems. In the context of complex computer systems, however, defenses can also have the opposite effect, creating new, unforeseen vulnerabilities in the systems they are intended to protect. Advocacy for defense-in-depth and diverse security measures has contributed to this "more is better" mentality for defending computer systems, which fails to consider the complex interaction of different components in these systems, especially with regard to what impact new security controls may have on the operation and functionality of other, preexisting defenses. We give examples of several categories of perverse effects in defending computer systems and draw on the theory of unintended consequences and the duality of technology to analyze the origins of these perverse effects, and to develop a classification scheme for the different types and some methods for avoiding them.
Source URL: