Lookup NU author(s): Dr Charles Morisset, Dr Iryna Yevseyeva, Professor Thomas Gross, Professor Aad van Moorsel
Information security decisions typically involve a trade-off between security and productivity. In practical settings it is often the human/user who is best positioned to make this trade-off decision, or in fact has a right to make their own decision (such as in the case of 'bring your own device'). It may then be useful to discuss approaches which aim to influence the user decision, while leaving end responsibility with the user. This is often referred to as nudging the user, or, more generally, as influencing human behavior. The main aim of this paper is to provide a generic formalization to facilitate rigorous quantitative analysis of influencing information security behavior, providing a theoretical basis for studying, optimizing, comparing and evaluating approaches. In particular, we propose an agent-based formalization that captures the human decision maker as well as the influencer and the relationship between them. Within this formalization we will characterize an optimal policy for influencing and formally prove that such policies are optimal. We then embed multi-criteria decision making into our formalism as an approach to model human behavior and to choose between alternatives. We apply our formalization by deriving optimal policies for the selection of WiFi networks, in which the graphical user interface aims to nudge the user to particular security behavior.
Author(s): Morisset C, Yevseyeva I, Gross T, van Moorsel A
Publication type: Report
Publication status: Published
Series Title: School of Computing Science Technical Report Series
Year: 2014
Pages: 18
Print publication date: 14/05/2014
Source Publication Date: May 2014
Report Number: 1423
Institution: School of Computing Science, University of Newcastle upon Tyne
Place Published: Newcastle upon Tyne
URL: http://www.cs.ncl.ac.uk/publications/trs/papers/1423.pdf