
A Decision Making Model of Influencing Behavior in Information Security

  • Conference paper
Computer Performance Engineering (EPEW 2014)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 8721)


Abstract

Information security decisions typically involve a trade-off between security and productivity. In practical settings, it is often the human user who is best positioned to make this trade-off decision, or in fact has a right to make their own decision (such as in the case of ‘bring your own device’), although it may be the responsibility of a company security manager to influence employees’ choices. One of the practical ways to model human decision making is with multi-criteria decision analysis, which we use here for modeling security choices. The proposed decision making model facilitates quantitative analysis of influencing information security behavior by capturing the criteria affecting the choice and their importance to the decision maker. Within this model, we will characterize the optimal modification of the criteria values, taking into account that not all criteria can be changed. We show how subtle defaults influence the choice of the decision maker and calculate their impact. We apply our model to derive optimal policies for the case study of a public Wi-Fi network selection, in which the graphical user interface aims to influence the user toward a particular security behavior.




Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Yevseyeva, I., Morisset, C., Groß, T., van Moorsel, A. (2014). A Decision Making Model of Influencing Behavior in Information Security. In: Horváth, A., Wolter, K. (eds) Computer Performance Engineering. EPEW 2014. Lecture Notes in Computer Science, vol 8721. Springer, Cham. https://doi.org/10.1007/978-3-319-10885-8_14


  • DOI: https://doi.org/10.1007/978-3-319-10885-8_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10884-1

  • Online ISBN: 978-3-319-10885-8

  • eBook Packages: Computer Science, Computer Science (R0)
