Modelling the human and technological costs and benefits of USB memory stick security

Adam Beautement; Robert Coles; Jonathan Griffin; Christos Ioannidis; Brian Monahan; David Pym; Angela Sasse; Mike Wonham

doi:10.1007/978-0-387-09762-6_7

Modelling the human and technological costs and benefits of USB memory stick security

Adam Beautement, Robert Coles, Jonathan Griffin, Christos Ioannidis, Brian Monahan, David Pym, Angela Sasse, Mike Wonham

Aston Business School

Research output: Chapter in Book/Published conference output › Chapter

Abstract

Organizations deploy systems technologies in order to support their operations and achieve their business objectives. In so doing, they encounter tensions between the confidentiality, integrity, and availability of information, and must make investments in information security measures to address these concerns. We discuss how a macroeconomics-inspired model, analogous to models of interest rate policy used by central banks, can be used to understand trade-offs between investments against threats to confidentiality and availability. We investigate how such a model might be formulated by constructing a process model, based on empirically obtained data, of the use of USB memory sticks by employees of a financial services company.

Original language	English
Title of host publication	Managing information risk and the economics of security
Editors	M. Eric Johnson
Publisher	Springer
Pages	141-163
Number of pages	23
ISBN (Electronic)	978-0-387-09762-6
ISBN (Print)	978-0-387-09761-9
DOIs	https://doi.org/10.1007/978-0-387-09762-6_7
Publication status	Published - 22 Dec 2009

Access to Document

10.1007/978-0-387-09762-6_7

Cite this

@inbook{79775d0c1eb14296bed1578297c3e70a,

title = "Modelling the human and technological costs and benefits of USB memory stick security",

abstract = "Organizations deploy systems technologies in order to support their operations and achieve their business objectives. In so doing, they encounter tensions between the confidentiality, integrity, and availability of information, and must make investments in information security measures to address these concerns. We discuss how a macroeconomics-inspired model, analogous to models of interest rate policy used by central banks, can be used to understand trade-offs between investments against threats to confidentiality and availability. We investigate how such a model might be formulated by constructing a process model, based on empirically obtained data, of the use of USB memory sticks by employees of a financial services company.",

author = "Adam Beautement and Robert Coles and Jonathan Griffin and Christos Ioannidis and Brian Monahan and David Pym and Angela Sasse and Mike Wonham",

year = "2009",

month = dec,

day = "22",

doi = "10.1007/978-0-387-09762-6_7",

language = "English",

isbn = "978-0-387-09761-9",

pages = "141--163",

editor = "Johnson, {M. Eric}",

booktitle = "Managing information risk and the economics of security",

publisher = "Springer",

address = "Germany",

}

TY - CHAP

T1 - Modelling the human and technological costs and benefits of USB memory stick security

AU - Beautement, Adam

AU - Coles, Robert

AU - Griffin, Jonathan

AU - Ioannidis, Christos

AU - Monahan, Brian

AU - Pym, David

AU - Sasse, Angela

AU - Wonham, Mike

PY - 2009/12/22

Y1 - 2009/12/22

N2 - Organizations deploy systems technologies in order to support their operations and achieve their business objectives. In so doing, they encounter tensions between the confidentiality, integrity, and availability of information, and must make investments in information security measures to address these concerns. We discuss how a macroeconomics-inspired model, analogous to models of interest rate policy used by central banks, can be used to understand trade-offs between investments against threats to confidentiality and availability. We investigate how such a model might be formulated by constructing a process model, based on empirically obtained data, of the use of USB memory sticks by employees of a financial services company.

AB - Organizations deploy systems technologies in order to support their operations and achieve their business objectives. In so doing, they encounter tensions between the confidentiality, integrity, and availability of information, and must make investments in information security measures to address these concerns. We discuss how a macroeconomics-inspired model, analogous to models of interest rate policy used by central banks, can be used to understand trade-offs between investments against threats to confidentiality and availability. We investigate how such a model might be formulated by constructing a process model, based on empirically obtained data, of the use of USB memory sticks by employees of a financial services company.

UR - http://link.springer.com/chapter/10.1007%2F978-0-387-09762-6_7

U2 - 10.1007/978-0-387-09762-6_7

DO - 10.1007/978-0-387-09762-6_7

M3 - Chapter

SN - 978-0-387-09761-9

SP - 141

EP - 163

BT - Managing information risk and the economics of security

A2 - Johnson, M. Eric

PB - Springer

ER -

Modelling the human and technological costs and benefits of USB memory stick security

Abstract

Access to Document

Other files and links

Fingerprint

Cite this