UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

You've left me no choices: Security economics to inform behaviour intervention support in organizations

Demjaha, A; Parkin, S; Pym, D; (2021) You've left me no choices: Security economics to inform behaviour intervention support in organizations. In: Groß, Thomas, and Theo, Tryfonas, (eds.) Proceedings of the 9th International Workshop on Socio-Technical Aspects in SecuriTy 2019. Springer: Luxembourg City, Luxembourg. (In press).

[img] Text
STAST Paper 2019 Camera-ready.pdf - Accepted version
Access restricted to UCL open access staff until 14 June 2021.

Download (326kB)

Abstract

Security policy-makers (influencers) in an organization set security policies that embody intended behaviours for employees (as decision-makers) to follow. Decision-makers then face choices, where this is not simply a binary decision of whether to comply or not, but also how to approach compliance and secure working alongside other workplace pressures, and limited resources for identifying optimal securityrelated choices. Conflict arises due to information asymmetries present in the relationship, where influencers and decision-makers both consider costs, gains, and losses in ways which are not necessarily aligned. With the need to promote ‘good enough’ decisions about security-related behaviours under such constraints, we hypothesize that actions to resolve this misalignment can benefit from constructs from both neoclassical economics and behavioural economics. Here we demonstrate how current approaches to security behaviour provisioning in organizations mirror rational-agent economics, even where behavioural economics is embodied in the promotion of individual security behaviours. We develop and present a framework to accommodate bounded security decision-making, within an ongoing programme of behaviours which must be provisioned for and supported. We also point to applications of the framework in negotiating sustainable security behaviours, such as policy concordance and just security cultures.

Type: Proceedings paper
Title: You've left me no choices: Security economics to inform behaviour intervention support in organizations
Event: 9th International Workshop on Socio-Technical Aspects in SecuriTy 2019
Location: Luxembourg
Dates: 26 September 2019 - 26 September 2019
Publisher version: https://www.springer.com/gp/book/9783030559571
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions.
Keywords: Security decision-making, Security economics, Security policy, Security behaviour modelling
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/10081087
Downloads since deposit
2Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item