Demjaha, A;
Parkin, S;
Pym, D;
(2021)
You've left me no choices: Security economics to inform behaviour intervention support in organizations.
In: Groß, Thomas, and Theo, Tryfonas, (eds.)
Proceedings of the 9th International Workshop on Socio-Technical Aspects in SecuriTy 2019.
Springer: Luxembourg City, Luxembourg.
(In press).
![[img]](https://discovery.ucl.ac.uk/style/images/fileicons/text.png) |
Text
STAST Paper 2019 Camera-ready.pdf - Accepted version Access restricted to UCL open access staff until 14 June 2021. Download (326kB) |
Abstract
Security policy-makers (influencers) in an organization set security policies that embody intended behaviours for employees (as decision-makers) to follow. Decision-makers then face choices, where this is not simply a binary decision of whether to comply or not, but also how to approach compliance and secure working alongside other workplace pressures, and limited resources for identifying optimal securityrelated choices. Conflict arises due to information asymmetries present in the relationship, where influencers and decision-makers both consider costs, gains, and losses in ways which are not necessarily aligned. With the need to promote ‘good enough’ decisions about security-related behaviours under such constraints, we hypothesize that actions to resolve this misalignment can benefit from constructs from both neoclassical economics and behavioural economics. Here we demonstrate how current approaches to security behaviour provisioning in organizations mirror rational-agent economics, even where behavioural economics is embodied in the promotion of individual security behaviours. We develop and present a framework to accommodate bounded security decision-making, within an ongoing programme of behaviours which must be provisioned for and supported. We also point to applications of the framework in negotiating sustainable security behaviours, such as policy concordance and just security cultures.
| Type: | Proceedings paper |
|---|---|
| Title: | You've left me no choices: Security economics to inform behaviour intervention support in organizations |
| Event: | 9th International Workshop on Socio-Technical Aspects in SecuriTy 2019 |
| Location: | Luxembourg |
| Dates: | 26 September 2019 - 26 September 2019 |
| Publisher version: | https://www.springer.com/gp/book/9783030559571 |
| Language: | English |
| Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
| Keywords: | Security decision-making, Security economics, Security policy, Security behaviour modelling |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10081087 |
Archive Staff Only
 |
View Item |
