Original Articles

Perverse Effects in Defense of Computer Systems: When More Is Less

 

Abstract

With computer security spending on the rise, organizations seem to have accepted the notion that buying more—and more expensive—defenses allows them to better protect their computer systems. In the context of complex computer systems, however, defenses can also have the opposite effect, creating new, unforeseen vulnerabilities in the systems they are intended to protect. Advocacy for defense-in-depth and diverse security measures has contributed to this “more is better” mentality for defending computer systems, which fails to consider the complex interaction of different components in these systems, especially with regard to what impact new security controls may have on the operation and functionality of other, preexisting defenses. We give examples of several categories of perverse effects in defending computer systems and draw on the theory of unintended consequences and the duality of technology to analyze the origins of these perverse effects, and to develop a classification scheme for the different types and some methods for avoiding them.

Additional information

Notes on contributors

Josephine Wolff

Josephine Wolff is an assistant professor in the Public Policy Department at Rochester Institute of Technology and a member of the extended faculty of the Computing Security Department. She is a faculty associate at the Harvard Berkman Center for Internet & Society and a fellow at the New America Cybersecurity Initiative. She holds a master’s degree in technology and policy and a Ph.D. in engineering systems from MIT. Previously, she worked at Microsoft, the Center for Democracy and Technology, and the Department of Defense. Her research interests include cybersecurity policy, impacts of computer security controls, economics of information security, and liability regimes for cybersecurity incidents. Her academic writing has been published in Telecommunications Policy and presented at the Research Conference on Communications, Information, and Internet Policy. Her writing has also appeared in Slate, The Atlantic, Scientific American, Newsweek, the New Republic, and the New York Times.
