UCL  IRIS
Institutional Research Information Service
Publication Detail
A logic for the compliance budget
  • Publication Type:
    Conference
  • Authors:
    Anderson G, McCusker G, Pym D
  • Publisher:
    Springer International Publishing
  • Publication date:
    02/11/2016
  • Pagination:
    370–381
  • Published proceedings:
    Decision and Game Theory for Security: Proceedings of the 7th International Conference, GameSec 2016
  • Volume:
    9996
  • Series:
    Lecture Notes in Computer Science
  • Editors:
    Zhu Q, Alpcan T, Panaousis E, Tambe M, Casey W
  • ISBN-13:
    9783319474120
  • Status:
    Published
  • Name of conference:
    GameSec 2016: 7th International Conference on Decision and Game Theory for Security
  • Conference place:
    New York
  • Conference start date:
    02/11/2016
  • Conference finish date:
    04/11/2016
  • Print ISSN:
    0302-9743
  • Language:
    English
Abstract
Security breaches often arise as a result of users’ failure to comply with security policies. Such failures to comply may simply be innocent mistakes. However, there is evidence that, in some circumstances, users choose not to comply because they perceive that the security benefit of compliance is outweighed by the cost that is the impact of compliance on their abilities to complete their operational tasks. That is, they perceive security compliance as hindering their work. The ‘compliance budget’ is a concept in information security that describes how the users of an organization’s systems determine the extent to which they comply with the specified security policy. The purpose of this paper is to initiate a qualitative logical analysis of, and so provide reasoning tools for, this important concept in security economics for which quantitative analysis is difficult to establish. We set up a simple temporal logic of preferences, with a semantics given in terms of histories and sets of preferences, and explain how to use it to model and reason about the compliance budget. The key ingredients are preference update, to account for behavioural change in response to policy change, and an ability to handle uncertainty, to account for the lack of quantitative measures.