Lookup NU author(s): Dr Iryna Yevseyeva, Dr Charles Morisset, Dr Thomas Gross, Professor Aad van Moorsel
Full text for this publication is not currently held within this repository. Alternative links are provided below where available.
Information security decisions typically involve a trade-off between security and productivity. In practical settings, it is often the human user who is best positioned to make this trade-off decision, or in fact has a right to make their own decision (such as in the case of 'bring your own device'), although it may be the responsibility of a company security manager to influence employees' choices. One of the practical ways to model human decision making is with multi-criteria decision analysis, which we use here for modeling security choices. The proposed decision making model facilitates quantitative analysis of influencing information security behavior by capturing the criteria affecting the choice and their importance to the decision maker. Within this model, we will characterize the optimal modification of the criteria values, taking into account that not all criteria can be changed. We show how subtle defaults influence the choice of the decision maker and calculate their impact. We apply our model to derive optimal policies for the case study of a public Wi-Fi network selection, in which the graphical user interface aims to influence the user toward a particular security behavior. © 2014 Springer International Publishing.
Author(s): Yevseyeva I, Morisset C, Gross T, Van Moorsel A
Editor(s): Horváth A., Wolter K.
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: EPEW 2014: Computer Performance Engineering
Year of Conference: 2014
Online publication date: 12/09/2014
Acceptance date: 01/01/1900
Publisher: Springer, Cham
Series Title: Lecture Notes in Computer Science