Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security

Adam Beautement, Robert Coles, Jonathan Griffin, Christos Ioannidis, Brian Monahan, David J. Pym, Angela Sasse, Michael Wonham

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

Organizations deploy systems technologies in order to support their operations and achieve their business objectives. In so doing, they encounter tensions between the confidentiality, integrity, and availability of information, and must make investments in information security measures to address these concerns. We discuss how a macroeconomics-inspired model, analogous to models of interest rate policy used by central banks, can be used to understand trade-offs between investments against threats to confidentiality and availability. We investigate how such a model might be formulated by constructing a process model, based on empirically obtained data, of the use of USB memory sticks by employees of a financial management company.
Original languageEnglish
Title of host publicationManaging Information Risk and the Economics of Security
EditorsM. Eric Johnson
Place of PublicationNew York, NY, USA
PublisherSpringer Science+Business Media
Pages141-163
Number of pages23
ISBN (Print)0387097619, 978-0387097619
DOIs
Publication statusPublished - 2 Dec 2008

Fingerprint

Costs and benefits
Modeling
Confidentiality
Macroeconomic models
Trade-offs
Interest rate policy
Threat
Information security
Business objectives
Process model
Central bank
Financial management
Integrity
Employees
Technology system

Cite this

Beautement, A., Coles, R., Griffin, J., Ioannidis, C., Monahan, B., Pym, D. J., ... Wonham, M. (2008). Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security. In M. E. Johnson (Ed.), Managing Information Risk and the Economics of Security (pp. 141-163). New York, NY, USA: Springer Science+Business Media. https://doi.org/10.1007/978-0-387-09762-6_7

Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security. / Beautement, Adam ; Coles, Robert ; Griffin, Jonathan; Ioannidis, Christos; Monahan, Brian; Pym, David J.; Sasse, Angela; Wonham, Michael.

Managing Information Risk and the Economics of Security. ed. / M. Eric Johnson. New York, NY, USA : Springer Science+Business Media, 2008. p. 141-163.

Research output: Chapter in Book/Report/Conference proceedingChapter

Beautement, A, Coles, R, Griffin, J, Ioannidis, C, Monahan, B, Pym, DJ, Sasse, A & Wonham, M 2008, Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security. in ME Johnson (ed.), Managing Information Risk and the Economics of Security. Springer Science+Business Media, New York, NY, USA, pp. 141-163. https://doi.org/10.1007/978-0-387-09762-6_7
Beautement A, Coles R, Griffin J, Ioannidis C, Monahan B, Pym DJ et al. Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security. In Johnson ME, editor, Managing Information Risk and the Economics of Security. New York, NY, USA: Springer Science+Business Media. 2008. p. 141-163 https://doi.org/10.1007/978-0-387-09762-6_7
Beautement, Adam ; Coles, Robert ; Griffin, Jonathan ; Ioannidis, Christos ; Monahan, Brian ; Pym, David J. ; Sasse, Angela ; Wonham, Michael. / Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security. Managing Information Risk and the Economics of Security. editor / M. Eric Johnson. New York, NY, USA : Springer Science+Business Media, 2008. pp. 141-163
@inbook{41b98db71a7c4e17bb7bada983c94086,
title = "Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security",
abstract = "Organizations deploy systems technologies in order to support their operations and achieve their business objectives. In so doing, they encounter tensions between the confidentiality, integrity, and availability of information, and must make investments in information security measures to address these concerns. We discuss how a macroeconomics-inspired model, analogous to models of interest rate policy used by central banks, can be used to understand trade-offs between investments against threats to confidentiality and availability. We investigate how such a model might be formulated by constructing a process model, based on empirically obtained data, of the use of USB memory sticks by employees of a financial management company.",
author = "Adam Beautement and Robert Coles and Jonathan Griffin and Christos Ioannidis and Brian Monahan and Pym, {David J.} and Angela Sasse and Michael Wonham",
year = "2008",
month = "12",
day = "2",
doi = "10.1007/978-0-387-09762-6_7",
language = "English",
isbn = "0387097619",
pages = "141--163",
editor = "Johnson, {M. Eric }",
booktitle = "Managing Information Risk and the Economics of Security",
publisher = "Springer Science+Business Media",

}

TY - CHAP

T1 - Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security

AU - Beautement, Adam

AU - Coles, Robert

AU - Griffin, Jonathan

AU - Ioannidis, Christos

AU - Monahan, Brian

AU - Pym, David J.

AU - Sasse, Angela

AU - Wonham, Michael

PY - 2008/12/2

Y1 - 2008/12/2

N2 - Organizations deploy systems technologies in order to support their operations and achieve their business objectives. In so doing, they encounter tensions between the confidentiality, integrity, and availability of information, and must make investments in information security measures to address these concerns. We discuss how a macroeconomics-inspired model, analogous to models of interest rate policy used by central banks, can be used to understand trade-offs between investments against threats to confidentiality and availability. We investigate how such a model might be formulated by constructing a process model, based on empirically obtained data, of the use of USB memory sticks by employees of a financial management company.

AB - Organizations deploy systems technologies in order to support their operations and achieve their business objectives. In so doing, they encounter tensions between the confidentiality, integrity, and availability of information, and must make investments in information security measures to address these concerns. We discuss how a macroeconomics-inspired model, analogous to models of interest rate policy used by central banks, can be used to understand trade-offs between investments against threats to confidentiality and availability. We investigate how such a model might be formulated by constructing a process model, based on empirically obtained data, of the use of USB memory sticks by employees of a financial management company.

U2 - 10.1007/978-0-387-09762-6_7

DO - 10.1007/978-0-387-09762-6_7

M3 - Chapter

SN - 0387097619

SN - 978-0387097619

SP - 141

EP - 163

BT - Managing Information Risk and the Economics of Security

A2 - Johnson, M. Eric

PB - Springer Science+Business Media

CY - New York, NY, USA

ER -