Effect of network infrastructure factors on information system risk judgments

Little is known about how perceived network topology factors, which are common components of information system risk metrics, impact human judgments of risk. Using a half-fractional factorial design, this study experimentally manipulated five perceivable network topology factors (network partitioning, network diversity, wireless status, network footprint and connectivity) to assess the relationship between these factors and network risk judgments. The consistency of network risk ratings and rankings were evaluated for each of the 16 network topologies across a sample of 55 network security professionals who reviewed these topologies. Three robust significant main effects (network partitioning, wireless status, and connectivity) and one significant interaction (network partitioning X wireless status) were found. While some topologies were consistently rated and ranked as significantly more risky than others, there was some variability in ratings at each main effect level as well as the spread of the mean ratings between the two main effect levels (e.g., wireless and wired). We discuss the implications of our findings with respect to network risk metric rigor.