Economic methods and decision making by security professionals

A Baldwin, Y Beres, Geoffrey B Duggan, M Cassassa Mont, H Johnson, C Middup, S Shiu

Research output: Contribution to conference › Paper

Abstract

Increasing reliance on IT and the worsening threat environment mean that organisations are under pressure to invest more in information security. A challenge is that the choices are hard: money is tight, objectives are not clear, and there are many relevant experts and stakeholders. A significant proportion of the research in security economics is about helping people and organisations make better security investment and policy decisions. This paper looks at the impact of methods based on security economics on a set of decision makers. Importantly, the study focused upon experienced security professionals using a realistic security problem relating to client infrastructure. Results indicated that the methods changed the decision processes for these experienced security professionals. Specifically, a broader range of factors were accounted for and included as justifications for the decisions selected. The security professional is an (important and influential) stakeholder in the organization decision making process, and arguably a more complete understanding of the problem is more suitable for persuading a broader business audience. More generally the study complements all research in security economics that is aimed at improving decision making, and suggests ways to proceed and test for the impact of new methods on the actual decision makers.
Original language: English
Publication status: Published - 2011
Event: Tenth Workshop on Economics of Information Security (WEIS 2011) - George Mason University, Virginia
Duration: 14 Jun 2011 - 15 Jun 2011

Conference

Conference: Tenth Workshop on Economics of Information Security (WEIS 2011)
City: George Mason University, Virginia
Period: 14/06/11 - 15/06/11

Fingerprint

Economics
Decision making
Economic security
Stakeholders
Decision maker
Threat
Justification
Decision-making process
Information security
Decision process
Proportion
Factors

Cite this

Baldwin, A., Beres, Y., Duggan, G. B., Cassassa Mont, M., Johnson, H., Middup, C., & Shiu, S. (2011). Economic methods and decision making by security professionals. Paper presented at Tenth Workshop on Economics of Information Security (WEIS 2011), George Mason University, Virginia.

@conference{bf81a640c821413bb665acd425b127a1,
title = "Economic methods and decision making by security professionals",
author = "A Baldwin and Y Beres and Duggan, {Geoffrey B} and {Cassassa Mont}, M and H Johnson and C Middup and S Shiu",
year = "2011",
language = "English",
note = "Tenth Workshop on Economics of Information Security (WEIS 2011) ; Conference date: 14-06-2011 Through 15-06-2011",

}
