Trust Economics Feasibility Study (2008)

Author(s): Coles R, Griffin J, Johnson H, Parkin SE, van Moorsel A

    Abstract: We believe that enterprises and other organisations currently lack sophisticated methods and tools to determine if and how IT changes should be introduced in an organisation, such that objective, measurable goals are met. This is especially true when dealing with security-related IT decisions. We report on a feasibility study, Trust Economics, conducted to demonstrate that such methodology can be developed. Assuming a deep understanding of the IT involved, the main components of our trust economics approach are: (i) assess the economic or financial impact of IT security solutions; (ii) determine how humans interact with or respond to IT security solutions; (iii) based on above, use probabilistic and stochastic modelling tools to analyse the consequences of IT security decisions. In the feasibility study we apply the trust economics methodology to address how enterprises should protect themselves against accidental or malicious misuse of USB memory sticks, an acute problem in many industries.

    Notes: Paper presented at International Workshop on Resilience Assessment and Dependability Benchmarking (RADB 2008).Published in DSN Supplement on CD-ROM.

      • Date: 24-27 June 2008
      • Conference Name: 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
      • Pages: A45-A50
      • Publisher: IEEE Computer Society
      • Publication type: Conference Proceedings (inc. abstract)
      • Bibliographic status: Published

        Keywords: trust economics, IT security solutions, USB storage devices, behavioural studies, quantitative modelling

        Staff

        Professor Aad van Moorsel
        Head of School, Professor