Trust Economics Feasibility Study

We believe that enterprises and other organisations currently lack sophisticated methods and tools to determine if and how IT changes should be introduced in an organisation, such that objective, measurable goals are met. This is especially true when dealing with security-related IT decisions. We report on a feasibility study, Trust Economics, conducted to demonstrate that such a methodology can be developed. Assuming a deep understanding of the IT involved, the main components of our trust economics approach are: (i) assess the economic or financial impact of IT security solutions; (ii) determine how humans interact with or respond to IT security solutions; (iii) based on the above, use probabilistic and stochastic modelling tools to analyse the consequences of IT security decisions. In the feasibility study we apply the trust economics methodology to address how enterprises should protect themselves against accidental or malicious misuse of USB memory sticks, an acute problem in many industries.
