A Logic for the Compliance Budget


Reference:

Anderson, G., McCusker, G. and Pym, D., 2016. A Logic for the Compliance Budget. In: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M. and Casey, W., eds. Proceedings, GameSec 2016 - Decision and Game Theory for Security. Springer Verlag, pp. 370-381. (Lecture Notes in Computer Science; 9996)

    Official URL:

    https://doi.org/10.1007/978-3-319-47413-7_21

    Abstract

    Security breaches often arise as a result of users' failure to comply with security policies. Such failures to comply may simply be innocent mistakes. However, there is evidence that, in some circumstances, users choose not to comply because they perceive that the security benefit of compliance is outweighed by the cost that is the impact of compliance on their abilities to complete their operational tasks. That is, they perceive security compliance as hindering their work. The "compliance budget" is a concept in information security that describes how the users of an organization's systems determine the extent to which they comply with the specified security policy. The purpose of this paper is to initiate a qualitative logical analysis of, and so provide reasoning tools for, this important concept in security economics for which quantitative analysis is difficult to establish. We set up a simple temporal logic of preferences, with a semantics given in terms of histories and sets of preferences, and explain how to use it to model and reason about the compliance budget. The key ingredients are preference update, to account for behavioural change in response to policy change, and an ability to handle uncertainty, to account for the lack of quantitative measures.

    Details

    Item Type: Book Sections
    Creators: Anderson, G., McCusker, G. and Pym, D.
    Editors: Zhu, Q., Alpcan, T., Panaousis, E., Tambe, M. and Casey, W.
    DOI: 10.1007/978-3-319-47413-7_21
    Departments: Faculty of Science > Computer Science
    Status: Published
    ID Code: 52425
