Tag Archives: Qian Tang

A Field Quasi-Experiment @ ICIS 2012

Project participant Qian Tang presented at ICIS 2012 in Orlando, FL, 14 December 2012, a paper about comparisons of eight countries, in pairs, one of each pair ranked on SpamRankings.net and the other not. Statistical results indicate the rankings changed organizational spamming behavior.

Qian Tang, Leigh Linden, John S. Quarterman, and Andrew Whinston, Reputation as Public Policy for Internet Security: A Field Quasi-Experiment,

Abstract: Cybersecurity is a national priority in this big data era. Because of the lack of incentives and the existence of negative externality, companies often underinvest in addressing security risks and accidents, despite government and industry recommendations. In the present article, we propose a method that utilizes reputation through information disclosure to motivate companies to behave pro-socially, improving their Internet security. Using outbound spam as a proxy for Internet security, we conducted a quasi-experimental field study for eight countries through SpamRankings.net. This outgoing-spam-based study shows that information disclosure on outgoing spam can help reduce outgoing spam, approximately by 16 percent. This finding suggests that information disclosure can be leveraged to encourage companies to reduce security threats. It also provides support for public policies that require mandatory reporting from organizations and offers implications for evaluating and executing such policies.

What is ICIS 2012?

Continue reading

Reputation as Public Policy for Internet Security @ TPRC 2012

Saturday I presented Reputation as Public Policy for Internet Security Cover at the 40th Telecommunications Research Policy Conference (TPRC) hosted by George Mason University School of Law, Arlington, VA. Attendees seemed to appreciate our efforts to deal with heteroskedasticity with a wild cluster bootstrap-t procedure. The presentation, along with the abstract and the paper, are available from the SpamRankings.net website.

Blog readers will notice the TPRC presentation excerpted Festi Up Grum botnet is staging a comeback and extended Festi botnet infesting the world, July 2012 as well as making use of the numerous medical posts, while attempting to pull that and other material together in aid of motivating and describing the intended field experiments and their potential policy implications. As Prof. Andrew B. Whinston said to Network World a couple of months ago:

We’re not trying to solve the spam issue. We’re trying to deal with the broader issue of whether companies should publicly report security issues.