Systematic Decision Making in Security Management: Modelling Password Usage and Support

David J. Pym

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

We demonstrate the use of a systematic decision-making methodology to support an informed choice of a password policy. Our approach uses an executable system model, grounded in empirical data, to compare, using simulations, two different policy options. The problem is framed economically, with the basis of the comparison being a notion of organizational utility. We quantify utility in this case by considering breaches of system security, users' productivity, and investment in support operations. Using our results, we are able to explore trade-offs between these factors and thus determine the optimal policy configuration given the initial conditions.
Original language: English
Title of host publication: Proceedings of the International Workshop on Quantitative Aspects in Security Assurance (QASA 2012): Affiliated Workshop of ESORICS 2012.
Number of pages: 12
Publication status: Published - 2012
Event: QASA 2012 International Workshop on Quantitative Aspects in Security Assurance: Affiliated workshop with ESORICS - Pisa, Italy
Duration: 14 Sep 2012 → …

Conference

Conference: QASA 2012 International Workshop on Quantitative Aspects in Security Assurance: Affiliated workshop with ESORICS
Country: Italy
City: Pisa
Period: 14/09/12 → …

