
Formalization of Influencing in Information Security

NU author(s): Dr Charles Morisset, Dr Iryna Yevseyeva, Professor Thomas Gross, Professor Aad van Moorsel


Abstract

Information security decisions typically involve a trade-off between security and productivity. In practical settings it is often the human/user who is best positioned to make this trade-off decision, or in fact has a right to make their own decision (such as in the case of 'bring your own device'). It then may be useful to discuss approaches which aim to influence the user decision, while leaving end responsibility with the user. This is often referred to as nudging the user, or, more generally, as influencing human behavior. The main aim of this paper is to provide a generic formalization to facilitate rigorous quantitative analysis of influencing information security behavior, providing a theoretical basis for studying, optimizing, comparing and evaluating approaches. In particular, we propose an agent-based formalization that captures the human decision maker as well as the influencer and the relationship between them. Within this formalization we will characterize an optimal policy for influencing and formally prove that such policies are optimal. We then embed multi-criteria decision making into our formalism as an approach to model human behavior and to choose between alternatives. We apply our formalization by deriving optimal policies for the selection of WiFi networks, in which the graphical user interface aims to nudge the user to particular security behavior.


Publication metadata

Author(s): Morisset C, Yevseyeva I, Gross T, van Moorsel A

Publication type: Report

Publication status: Published

Series Title: School of Computing Science Technical Report Series

Year: 2014

Pages: 18

Print publication date: 14/05/2014

Source Publication Date: May 2014

Report Number: 1423

Institution: School of Computing Science, University of Newcastle upon Tyne

Place Published: Newcastle upon Tyne

URL: http://www.cs.ncl.ac.uk/publications/trs/papers/1423.pdf

