UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

A logic for the compliance budget

Anderson, G; McCusker, G; Pym, D; (2016) A logic for the compliance budget. In: Zhu, Q and Alpcan, T and Panaousis, E and Tambe, M and Casey, W, (eds.) Decision and Game Theory for Security: Proceedings of the 7th International Conference, GameSec 2016. (pp. pp. 370-381). Springer International Publishing Green open access

[img]
Preview
Text
compliance-logic-cameraready-short.pdf - Accepted version

Download (626kB) | Preview

Abstract

Security breaches often arise as a result of users’ failure to comply with security policies. Such failures to comply may simply be innocent mistakes. However, there is evidence that, in some circumstances, users choose not to comply because they perceive that the security benefit of compliance is outweighed by the cost that is the impact of compliance on their abilities to complete their operational tasks. That is, they perceive security compliance as hindering their work. The ‘compliance budget’ is a concept in information security that describes how the users of an organization’s systems determine the extent to which they comply with the specified security policy. The purpose of this paper is to initiate a qualitative logical analysis of, and so provide reasoning tools for, this important concept in security economics for which quantitative analysis is difficult to establish. We set up a simple temporal logic of preferences, with a semantics given in terms of histories and sets of preferences, and explain how to use it to model and reason about the compliance budget. The key ingredients are preference update, to account for behavioural change in response to policy change, and an ability to handle uncertainty, to account for the lack of quantitative measures.

Type: Proceedings paper
Title: A logic for the compliance budget
Event: GameSec 2016: 7th International Conference on Decision and Game Theory for Security, 2-4 November 2016, New York, USA
Location: New York
Dates: 02 November 2016 - 04 November 2016
ISBN-13: 9783319474120
Open access status: An open access version is available from UCL Discovery
DOI: 10.1007/978-3-319-47413-7_21
Publisher version: http://dx.doi.org/10.1007/978-3-319-47413-7_21
Language: English
Additional information: Copyright © Springer International Publishing AG 2016. The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-319-47413-7_21.
UCL classification: UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/1508340
Downloads since deposit
31Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item