Abstract
We propose a research initiative that employs Agent-Based Modeling (ABM) with an embedded Machine Learning (ML) component to study information security policy compliance in enterprise contexts. By capturing employees' nuanced behavioral drivers and malicious actors' adaptive strategies, this approach offers a powerful lens through which to observe emergent patterns and test different policy interventions. The ML integration ensures the model can respond dynamically to changing conditions, fine-tuning training frequency, enforcement strictness, and other security measures based on real-time feedback.
Recommended Citation
Sikolia, David, "Modeling Carrots vs. Sticks: An Agent-Based Simulation of Insider Compliance with Information Security Policies" (2025). MWAIS 2025 Proceedings. 25.
https://aisel.aisnet.org/mwais2025/25