
2009 | OriginalPaper | Chapter

7. Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security

Authors: Adam Beautement, Robert Coles, Jonathan Griffin, Christos Ioannidis, Brian Monahan, David Pym, Angela Sasse, Mike Wonham

Published in: Managing Information Risk and the Economics of Security

Publisher: Springer US


Abstract

Organizations deploy systems technologies in order to support their operations and achieve their business objectives. In so doing, they encounter tensions between the confidentiality, integrity, and availability of information, and must make investments in information security measures to address these concerns. We discuss how a macroeconomics-inspired model, analogous to models of interest rate policy used by central banks, can be used to understand trade-offs between investments against threats to confidentiality and availability. We investigate how such a model might be formulated by constructing a process model, based on empirically obtained data, of the use of USB memory sticks by employees of a financial services company.


Footnotes
1
A support proportion of 0.25 means that 1/4 of the total security investment goes towards IT support and the remainder goes towards monitoring.
 
Metadata
Copyright Year
2009
Publisher
Springer US
DOI
https://doi.org/10.1007/978-0-387-09762-6_7
