We consider the problem of enforcing compliance with information security policies in organizations in order to mitigate insider threat. We show that compliance with security policies may be enforced even for myopic, self-interested, agents by providing them proper economic incentives for...