Show simple item record

dc.contributor.authorYevseyeva, Irynaen
dc.contributor.authorMorisset, Charlesen
dc.contributor.authorvan Moorsel, Aaden
dc.date.accessioned2016-05-26T14:05:41Z
dc.date.available2016-05-26T14:05:41Z
dc.date.issued2016-04
dc.identifier.citationYevseyeva, I., Morisset, C., van Moorsel, A. (2016) Modeling and analysis of influence power for information security decisions. Performance Evaluation, 98, pp. 36-51en
dc.identifier.urihttp://hdl.handle.net/2086/12089
dc.description.abstractUsers of computing systems and devices frequently make decisions related to information security, e. g., when choosing a password, deciding whether to log into an unfamiliar wireless network. Employers or other stakeholders may have a preference for certain outcomes, without being able to or having a desire to enforce a particular decision. In such situations, systems may build in design nudges to influence the decision making, e. g., by highlighting the employer’s preferred solution. In this paper we model influencing information security to identify which approaches to influencing are most effective and how they can be optimized. To do so, we extend traditional multi-criteria decision analysis models with modifiable criteria, to represent the available approaches an influencer has for influencing the choice of the decision maker. The notion of influence power is introduced to characterize the extent to which an influencer can influence decision makers. We illustrate our approach using data from a controlled experiment on techniques to influence which public wireless network users select. This allows us to calculate influence power and identify which design nudges exercise the most influence over user decisions.en
dc.language.isoenen
dc.publisherElsevieren
dc.subjectInformation securityen
dc.subjectSecurity–productivity trade-offsen
dc.subjectMulticriteria decision analysisen
dc.subjectInfluencing behavioren
dc.subjectNudgingen
dc.subjectInfluence poweren
dc.titleModeling and analysis of influence power for information security decisionsen
dc.typeArticleen
dc.identifier.doihttp://dx.doi.org/10.1016/j.peva.2016.01.003
dc.researchgroupCyber Security Centreen
dc.peerreviewedYesen
dc.explorer.multimediaNoen
dc.funderEPSRC (Engineering and Physical Sciences Research Council)en
dc.funderGovernment Communications Headquarters (GCHQ)en
dc.projectidEP/K006568/1en
dc.cclicenceCC-BY-NC-NDen
dc.researchinstituteCyber Technology Institute (CTI)en


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record