TY - GEN
T1 - A decision making model of influencing behavior in information security
AU - Yevseyeva, Iryna
AU - Morisset, Charles
AU - Groß, Thomas
AU - Van Moorsel, Aad
PY - 2014
Y1 - 2014
N2 - Information security decisions typically involve a trade-off between security and productivity. In practical settings, it is often the human user who is best positioned to make this trade-off decision, or in fact has a right to make their own decision (such as in the case of 'bring your own device'), although it may be the responsibility of a company security manager to influence employees' choices. One of the practical ways to model human decision making is with multi-criteria decision analysis, which we use here for modeling security choices. The proposed decision making model facilitates quantitative analysis of influencing information security behavior by capturing the criteria affecting the choice and their importance to the decision maker. Within this model, we will characterize the optimal modification of the criteria values, taking into account that not all criteria can be changed. We show how subtle defaults influence the choice of the decision maker and calculate their impact. We apply our model to derive optimal policies for the case study of a public Wi-Fi network selection, in which the graphical user interface aims to influence the user to a particular security behavior.
AB - Information security decisions typically involve a trade-off between security and productivity. In practical settings, it is often the human user who is best positioned to make this trade-off decision, or in fact has a right to make their own decision (such as in the case of 'bring your own device'), although it may be the responsibility of a company security manager to influence employees' choices. One of the practical ways to model human decision making is with multi-criteria decision analysis, which we use here for modeling security choices. The proposed decision making model facilitates quantitative analysis of influencing information security behavior by capturing the criteria affecting the choice and their importance to the decision maker. Within this model, we will characterize the optimal modification of the criteria values, taking into account that not all criteria can be changed. We show how subtle defaults influence the choice of the decision maker and calculate their impact. We apply our model to derive optimal policies for the case study of a public Wi-Fi network selection, in which the graphical user interface aims to influence the user to a particular security behavior.
UR - https://www.scopus.com/pages/publications/84906972268
U2 - 10.1007/978-3-319-10885-8_14
DO - 10.1007/978-3-319-10885-8_14
M3 - Conference contribution
AN - SCOPUS:84906972268
SN - 9783319108841
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 194
EP - 208
BT - Computer Performance Engineering - 11th European Workshop, EPEW 2014, Proceedings
PB - Springer Verlag
T2 - 11th European Workshop on Computer Performance Engineering, EPEW 2014
Y2 - 11 September 2014 through 12 September 2014
ER -