Looking at information security through a prospect theory lens

Hina Arora, Paul Steinbart, Benjamin Shao

Research output: Contribution to journal, Article, peer-review


Traditional accounts of decision-making under uncertainty have taken the Von Neumann and Morgenstern approach of Expected Utility Theory that considers how decisions under uncertainty should be made. This prescriptive model states that, when faced with a choice, a rational decision maker will pick the prospect that offers the highest expected utility. But as has been demonstrated by Kahneman and Tversky in Prospect Theory, decision-making under uncertainty often deviates from what Expected Utility Theory predicts, largely depending on whether the decision is framed as a gain or a loss. According to their model, choices framed as gains often lead to risk-averse behavior, and choices framed as losses often induce risk-seeking behavior. This paper reviews various theories of decision-making under uncertainty and evaluates the relevance of Prospect Theory in the information security context. An instrument is developed to evaluate relevance, preliminary results are presented, and implications for future research are discussed.

Original language: English (US)
Pages (from-to): 1242-1246
Number of pages: 5
Journal: Unknown Journal
State: Published - 2006


  • Information security
  • Prospect theory

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Networks and Communications
  • Library and Information Sciences
  • Information Systems

