102,383 research outputs found

    An information security risk-driven investment model for analysing human factors

    Modern organisational structure and risk management model are characterised by a wide range of forces including the role of human factors which combine to create an unprecedented level of uncertainty and exposure to information security risk, investment and decision making process. Developing a risk-driven investment model for information security systems with consideration of subjective nature of critical human factors is a challenging task. The overall success of an information security system depends on analysis of the risks and threats so that appropriate protection mechanism can be in place to protect them. However, lack of appropriate analysis of such dependencies and understanding potentially results in information security systems to fail or to fully achieve their that depend on them. Existing literature does not provide adequate guidelines for a systematic process or an appropriate modelling language to support such analysis. This paper fills this gap by introducing a process that allows information security managers to capture possible risk-investment relationships and to reason about them. The process is supported by a modelling language based on a set of concepts relating to trust and control and secure tropos and requirements engineering. In order to demonstrate the applicability and usefulness of the approach a descriptive example from a UK organisation is used.
    Keywords: Information Security (IS), Information Security Risk-Driven Investment Model (RIDIM), Risk, Social Engineering Attacks (SEAs), Security Investment (SI), Return On Investment in Information Security (ROISI)

    A Risk-Driven Investment Model for Analysing Human Factors in Information Security

    Information systems are of high importance in organisations because of the revolutionary industrial transformation undergone by digital and electronic platforms. A wide range of factors and issues forming the current business environments have created an unprecedented level of uncertainty and exposure to risks in all areas of strategic and operational activities in organisations including IT management and information security. Subsequently, securing these systems, which keep assets safe, serves organisational objectives. The Information Security System (ISS) is a process that organisations can adopt to achieve information security goals. It has gained the attention of academics, businesses, governments, security and IT professionals in recent years. Like any other system, the ISS is highly dependent on human factors as people are the primary concern of such systems and their roles should be taken into consideration. However, identifying reasoning and analysing human factors is a complex task. This is due to the fact that human factors are hugely subjective in nature and depend greatly on the specific organisational context. Every ISS development has unique demands both in terms of human factor specifications and organisational expectations. Developing an ISS often involves a notable proportion of risk due to the nature of technology and business demands; therefore, responding to these demands and technological challenges is critical. Furthermore, every business decision has inherent risk, and it is crucial to understand and make decisions based on the cost and potential value of that risk. Most research is solely concentrated upon the role of human factors in information security without addressing interrelated issues such as risk, cost and return of investment in security. The central focus and novelty of this research is to develop a risk-driven investment model within the security system framework. 
This model will support the analysis and reasoning of human factors in the information system development process. It contemplates risk, cost and the return of investment on security controls. The model will consider concepts from Requirements Engineering (RE), Security Tropos and organisational context. This model draws from the following theories and techniques: Socio-technical theory, Requirements Engineering (RE), SWOT analysis, Delphi Expert Panel technique and Force Field Analysis (FFA). The findings underline that the roles of human factors in ISSs are not being fully recognised or embedded in organisations and there is a lack of formalisation of main human factors in information security risk management processes. The study results should confirm that a diverse level of understanding of human factors impacts security systems. Security policies and guidelines do not reflect this reality. Moreover, information security has been perceived as being solely the domain of IT departments and not a collective responsibility, with the importance of the support of senior management ignored. A further key finding is the validation of all components of the Security Risk-Driven Model (RIDIM). Model components were found to be iterative and interdependent. The RIDIM model provides a significant opportunity to identify, assess and address these elements. Some elements of ISSs offered in this research can be used to evaluate the role of human factors in enterprise information security; therefore, the research presents some aspects of computer science and information system features to introduce a solution for a business-oriented problem. The question of how to address the psychological dimensions of human factors related to information security would, however, be a rich topic of research on its own. 
The risk-driven investment model provides tangible methods and values of relevant variables that define the human factors, risk and return on investment that contribute to organisations’ information security systems. Such values and measures need to be interpreted in the context of organisational culture and the risk management model. Further research into the implementation of these measurements and evaluations for improving organisational risk management is required

    CLASSICAL AND BEHAVIOURAL FINANCE IN INVESTOR DECISION

    Conceptual model of individual investor behavior presented in this paper aims to structure a part of the vast knowledge about investor behavior that is present in the finance field. The investment process could be seen as driven by dual mental processes (cognitive and affective) and the interplay between these systems contributes to bounded rational behavior manifested through various heuristics and biases. The investment decision is seen as a result of an interaction between the investor and the investment environment.
    Keywords: investor behaviour; financial decisions making; cognitive modelling; sentiments; market efficiency

    The future of work: Towards a progressive agenda for all. EPC Issue Paper 9 DECEMBER 2019

    Europe’s labour markets and the world of work in general are being transformed by the megatrends of globalisation, the fragmentation of the production and value chain, demographic ageing, new societal aspirations and the digitalisation of the economy. This Issue Paper presents the findings and policy recommendations of “The future of work – Towards a progressive agenda for all”, a European Policy Centre research project. Its main objectives were to expand public knowledge about these profound changes and to reverse the negative narrative often associated with this topic. It aimed to show how human decisions and the right policies can mitigate upcoming disruptions and provide European and national policymakers with a comprehensive toolkit for a progressive agenda for the new world of work

    Think Tank Review Issue 68 June 2019

    Human security and capacity in fragile states

    Production of Innovations within Farmer–Researcher Associations Applying Transdisciplinary Research Principles

    Small-scale farmers in sub-Saharan West Africa depend heavily on local resources and local knowledge. Science-based knowledge is likely to aid decision-making in complex situations. In this presentation, we highlight a FiBL-coordinated research partnership between three national producer organisations and national agriculture research bodies in Mali, Burkina Faso, and Benin. The partnership seeks to compare conventional, GMO-based, and organic cotton systems as regards food security and climate change