Abstract
We demonstrate the use of a systematic decision-making methodology to support an informed choice of a password policy. Our approach uses an executable system model, grounded in empirical data, to compare, using simulations, two different policy options. The problem is framed economically, with the basis of the comparison being a notion of organizational utility. We quantify utility in this case by considering breaches of system security, users' productivity, and investment in support operations. Using our results, we are able to explore trade-offs between these factors and thus determine the optimal policy configuration given the initial conditions.
Original language | English |
---|---|
Title of host publication | HP Laboratories Technical Reports |
Publisher | HP Laboratories |
Number of pages | 12 |
Publication status | Published - 21 Mar 2011 |
Event | QASA 2012 International Workshop on Quantitative Aspects in Security Assurance: Affiliated workshop with ESORICS - Pisa, Italy. Duration: 14 Sept 2012 → 14 Sept 2012 |
Conference
Conference | QASA 2012 International Workshop on Quantitative Aspects in Security Assurance: Affiliated workshop with ESORICS |
---|---|
Country/Territory | Italy |
City | Pisa |
Period | 14/09/12 → 14/09/12 |
Keywords
- security analytics
- security management
- economics
- password