Trust Economics Feasibility Study (2008)

Author(s): Coles R, Griffin J, Johnson H, Monahan B, Parkin S, Pym D, Sasse A, van Moorsel A

    Abstract: We believe that enterprises and other organisations currently lack sophisticated methods and tools to determine if and how IT changes should be introduced in an organisation, such that objective, measurable goals are met. This is especially true when dealing with security-related IT decisions. We report on a feasibility study, Trust Economics, conducted to demonstrate that such methodology can be developed. Assuming a deep understanding of the IT involved, the main components of our trust economics approach are: (i) assess the economic or financial impact of IT security solutions; (ii) determine how humans interact with or respond to IT security solutions; (iii) based on above, use probabilistic and stochastic modelling tools to analyse the consequences of IT security decisions. In the feasibility study we apply the trust economics methodology to address how enterprises should protect themselves against accidental or malicious misuse of USB memory sticks, an acute problem in many industries.

      • Date: June 2008
      • Series Title: School of Computing Science Technical Report Series
      • Pages: 10
      • Institution: School of Computing Science, University of Newcastle upon Tyne
      • Publication type: Report
      • Bibliographic status: Published

      Keywords: trust economics, IT security solutions, USB storage devices, behavioural studies, quantitative modelling

      Staff

      Professor Aad van Moorsel
      Head of School, Professor