Revisiting the form and function of conflict: Neurobiological, psychological, and cultural mechanisms for attack and defense within and between groups

Conflict can profoundly affect individuals and their groups. Oftentimes, conflict involves a clash between one side seeking change and increased gains through victory and the other side defending the status quo and protecting against loss and defeat. However, theory and empirical research largely neglected these conflicts between attackers and defenders, and the strategic, social, and psychological consequences of attack and defense remain poorly understood. To fill this void, we model (1) the clashing of attack and defense as games of strategy and reveal that (2) attack benefits from mismatching its target's level of defense, whereas defense benefits from matching the attacker's competitiveness. This suggests that (3) attack recruits neuroendocrine pathways underlying behavioral activation and overconfidence, whereas defense invokes neural networks for behavioral inhibition, vigilant scanning, and hostile attributions; and that (4) people invest less in attack than defense, and attack often fails. Finally, we propose that (5) in intergroup conflict, out-group attack needs institutional arrangements that motivate and coordinate collective action, whereas in-group defense benefits from endogenously emerging in-group identification. We discuss how games of attack and defense may have shaped human capacities for prosociality and aggression, and how third parties can regulate such conflicts and reduce their waste. Keywords: behavioral game theory; biobehavioral approach–avoidance; coevolution of prosociality and aggression; conflict; conflict intervention; cultural institutions; intergroup relations; psychological adaptations

A decision framework for managing the risk of terrorist threats at rail stations interconnected with airports

This paper highlights a risk-based decision-making framework on a basis of probabilistic risk assessment (PRA). Its aim is to enable stakeholders of transport infrastructures to systematically and effectively allocate their limited resources and consequently improve resilience when facing the potential risk of a terrorist attack. The potential risk of a terrorist attack affects the inter-operation of transportation infrastructures including airports and rail stations, the regional economy, and imposes additional costs of security or any countermeasures. This novel framework is thus established in order to model the security system, to consider a multitude of threat scenarios, and to assess the decisions and choices taken by the aggressors during various stages of their attack. The framework has capability to identify the state of partial neutralization, which reveals the losses incurred when the terrorist could not reach the primary target. In this study, an underground railway station interconnected to an international airport has been used as a case study to demonstrate the effectiveness of this novel framework. By the rigorous assessment of potential losses during a variety of threat scenarios, four countermeasures that could minimise losses are proposed: screening of passengers by observation techniques (SPOT), a surveillance system, increase of the cargo screening rate, and blast-resistant cargo containers. The cost and efficiency assessment is employed to determine the most suitable countermeasures when the value of the security measures equal their cost. Note that ongoing research is still needed to establish better countermeasures since there is no end to the creativity of terrorists. The new technology, such as wireless sensors, will play an important role in the security system in the future. In particular, this study will help insurance and rail industries to model and manage risk profiles at critical infrastructure

Prevention of terrorism : an assessment of prior POM work and future potentials

© 2020 Production and Operations Management Society In this study, we review POM-based research related to prevention of terrorism. According to the Federal Emergency Management Agency (FEMA) terrorist attacks have the potential to be prevented. Consequently, the focus of this study is on security enhancement and improving the resiliency of a nation to prevent terrorist attacks. Accordingly, we review articles from the 25 top journals, [following procedures developed by Gupta et al. (2016)], in the fields of Production and Operations Management, Operations Research, Management Science, and Supply Chain Management. In addition, we searched some selected journals in the fields of Information Sciences, Political Science, and Economics. This literature is organized and reviewed under the following seven core capabilities defined by the Department of Homeland Security (DHS): (1) Intelligence and Information Sharing, (2) Planning, (3) Interdiction and Disruption, (4) Screening, Search, and Detection, (5) Forensics and Attribution, (6) Public Information and Warning, and (7) Operational Coordination. We found that POM research on terrorism is primarily driven by the type of information that a defending country and a terrorist have about each other. Game theory is the main technique that is used in most research papers. Possible directions for future research are discussed

Relationship Between Corporate Governance and Information Security Governance Effectiveness in United States Corporations

Cyber attackers targeting large corporations achieved a high perimeter penetration success rate during 2013, resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing and deterring information security breaches. Grounded in corporate governance theory, the purpose of this correlational study was to examine the relationship between strategic alignment, resource management, risk management, value delivery, performance measurement implementations, and information security governance (ISG) effectiveness in United States-based corporations. Surveys were used to collect data from 95 strategic and tactical leaders of the 500 largest for-profit United States headquartered corporations. The results of the multiple linear regression indicated the model was able to significantly predict ISG effectiveness, F(5, 89) = 3.08, p = 0.01, R² = 0.15. Strategic alignment was the only statistically significant (t = 2.401, p \u3c= 0.018) predictor. The implications for positive social change include the potential to constructively understand the correlates of ISG effectiveness, thus increasing the propensity for consumer trust and reducing consumers' costs

THREE ARTICLES ON THE BEHAVIORAL ECONOMICS OF SECURITY INFORMATION SHARING: A THEORETICAL FRAMEWORK, AN EMPIRICAL TEST, AND POLICY RECOMMENDATIONS

This thesis presents a behavioral economics contribution to the security of information systems. It focuses on security information sharing (SIS) between operators of critical infrastructures, such as systemic banks, power grids, or telecommunications. SIS is an activity by which these operators exchange cybersecurity-relevant information, for instance on vulnerabilities, malwares, data breaches, etc. Such information sharing is a low-cost and efficient way by which the defenders of such infrastructures can enhance cybersecurity. However, despite this advantage, economic (dis)incentives, such as the free-rider problem, often reduce the extent to which SIS is actually used in practice. This thesis responds to this problem with three published articles. The first article sets out a theoretical framework that proposes an association between human behavior and SIS outcomes. The second article further develops and empirically tests this proposed association, using data from a self-developed psychometric survey among all participants of the Swiss Reporting and Analysis Centre for Information Assurance (MELANI). SIS is measured by a dual approach (intensity and frequency), and hypotheses on five salient factors that are likely associated with SIS outcomes (attitude, reciprocity, executional cost, reputation, trust) are tested. In the third article, policy recommendations are presented in order to reduce executional costs, which is found to be significantly and negatively associated with SIS. In conclusion, this thesis proposes multiple scientific and practical contributions. It extends the scientific literature on the economics of cybersecurity with three contributions on the human factor in SIS. In addition, regulators will find many recommendations, particularly in the area of governance, to support SIS at the legislative level. This thesis also offers many avenues for practitioners to improve the efficiency of SIS, particularly within Information Sharing and Analysis Centers (ISACs) in charge of producing Cyber Threat Intelligence in order to anticipate and prevent cyberrisks. Cette thèse présente une contribution de l'économie comportementale à la sécurité des systèmes d'information. Elle s’intéresse au mécanisme incitatif permettant de favoriser le partage de l’information utile à la cybersécurité (Security Information Sharing – SIS) entre opérateurs d’infrastructures critiques, telles que les banques systémiques, les réseaux électriques ou de télécommunications. Le SIS est une activité par laquelle ces opérateurs échangent des informations relatives aux cybermenaces, par exemple sur les vulnérabilités, les logiciels malveillants, les violations de données, etc. Ce partage d'informations est un moyen peu coûteux et efficace par lequel les défenseurs de ces infrastructures peuvent renforcer la cybersécurité. Toutefois, malgré ces avantages, les (mauvaises) incitations économiques, telles que le problème du passager clandestin, réduisent souvent l’utilité pratique du SIS. Cette thèse répond à ce problème avec trois articles publiés. Le premier article présente un cadre théorique qui propose une association entre le comportement humain et les résultats du SIS. Le deuxième article développe et teste empiriquement cette proposition d'association à l'aide des données d'une enquête psychométrique développée avec les participants de la Centrale d'enregistrement et d'analyse pour la sûreté de l'information (MELANI). Le SIS est mesuré avec une double approche (intensité et fréquence), et des hypothèses sur cinq facteurs importants, probablement associés aux résultats du SIS (attitude, réciprocité, coût d'exécution, réputation, confiance), sont testées. Dans le troisième article, des recommandations politiques sont présentées afin de réduire les coûts d'exécution, qui s'avèrent être associés de manière significative et négative au SIS. En conclusion, cette thèse propose de multiples contributions scientifiques et pratiques. Ses résultats élargissent la littérature scientifique sur l'économie de la cybersécurité avec trois contributions sur le facteur humain dans le SIS. En outre, les régulateurs trouveront de nombreuses recommandations, en particulier dans le domaine de la gouvernance, pour soutenir le SIS au niveau législatif. Cette thèse offre également de nombreux moyens aux praticiens pour améliorer son efficacité, notamment au sein des Information Sharing and Analysis Center (ISACs) chargés de produire du renseignement sur les cybermenaces (Cyber Threat Intelligence) afin d'anticiper et prévenir les cyberrisques