85,041 research outputs found

    The economics of user effort in information security

    A significant number of security breaches result from employees' failures to comply with security policies. The cause is often an honest mistake, such as when an employee enters their password in a phishing website, believing it to be a legitimate one. It can also be a workaround when faced with an impossible task, such as when an employee has so many different passwords that they must be written down

    Game Theory Meets Network Security: A Tutorial at ACM CCS

    The increasingly pervasive connectivity of today's information systems brings up new challenges to security. Traditional security has accomplished a long way toward protecting well-defined goals such as confidentiality, integrity, availability, and authenticity. However, with the growing sophistication of the attacks and the complexity of the system, the protection using traditional methods could be cost-prohibitive. A new perspective and a new theoretical foundation are needed to understand security from a strategic and decision-making perspective. Game theory provides a natural framework to capture the adversarial and defensive interactions between an attacker and a defender. It provides a quantitative assessment of security, prediction of security outcomes, and a mechanism design tool that can enable security-by-design and reverse the attacker's advantage. This tutorial provides an overview of diverse methodologies from game theory that includes games of incomplete information, dynamic games, mechanism design theory to offer a modern theoretic underpinning of a science of cybersecurity. The tutorial will also discuss open problems and research challenges that the CCS community can address and contribute with an objective to build a multidisciplinary bridge between cybersecurity, economics, game and decision theory

    Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010

    It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of ‘security’ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U

    Online Personal Data Processing and EU Data Protection Reform. CEPS Task Force Report, April 2013

    This report sheds light on the fundamental questions and underlying tensions between current policy objectives, compliance strategies and global trends in online personal data processing, assessing the existing and future framework in terms of effective regulation and public policy. Based on the discussions among the members of the CEPS Digital Forum and independent research carried out by the rapporteurs, policy conclusions are derived with the aim of making EU data protection policy more fit for purpose in today’s online technological context. This report constructively engages with the EU data protection framework, but does not provide a textual analysis of the EU data protection reform proposal as such

    The economics of pensions.

    This paper sets out the economic analytics of pensions. After introductory discussion, successive sections consider the effects of different pension arrangements on labour markets, on national savings and growth, and on the distribution of burdens and benefits. These areas are controversial and politically highly salient. While we are open about expressing our own views, the main purpose of the paper is to set out the analytical process by which we reach them, to enable readers to form their own conclusions.

    Exploring the impact of different cost heuristics in the allocation of safety integrity levels

    Contemporary safety standards prescribe processes in which system safety requirements, captured early and expressed in the form of Safety Integrity Levels (SILs), are iteratively allocated to architectural elements. Different SILs reflect different requirements stringencies and consequently different development costs. Therefore, the allocation of safety requirements is not a simple problem of applying an allocation "algebra" as treated by most standards; it is a complex optimisation problem, one of finding a strategy that minimises cost whilst meeting safety requirements. One difficulty is the lack of a commonly agreed heuristic for how costs increase between SILs. In this paper, we define this important problem; then we take the example of an automotive system and using an automated approach show that different cost heuristics lead to different optimal SIL allocations. Without automation it would have been impossible to explore the vast space of allocations and to discuss the subtleties involved in this problem

    Deterrence and Morale in Taxation: An Empirical Analysis

    The standard model of tax evasion based on the subjective expected utility maximization does not perform particularly well in econometric analyses: it predicts too little evasion and produces unsatisfactory econometric parameter estimates. The model is extended by looking at how the tax authority deals with the taxpayers. Based on econometric estimates, it is shown that taxpayers’ tax morale is raised when the tax officials treat them with respect. In contrast, when tax officials solely rely on deterrence taxpayers tend to respond by actively trying to avoid taxation.

    Co-regulation and voluntarism in the provision of food safety: lessons from institutional economics

    Traditional regulation in the food safety domain has been in the form of mandatory, inflexible food safety controls that are applied to firms. There has been a trend away from this regulatory paradigm towards more co-regulation and self-regulation by industry. This paper investigates the potential for systemic failure in the provision of safe food that might arise as a consequence of this new regulatory paradigm. These systemic failures occur owing to the fact that the food safety outcome depends on the behaviour of the three sets of agents (firms, consumers and the regulator). These populations of agents have generally been treated in the literature as homogeneous in terms of their behaviour and strategies. Further, the actions taken by any one agent are assumed to be independent of those taken by others. The institutional economics model that is developed assumes heterogeneity and inter-agent strategic interactions. Given this (more realistic) depiction of behaviour, instances of potential regulatory inefficiencies arise. In particular, the model challenges the trend towards voluntarism and self-regulation.
    Keywords: co-regulation, strategic behaviour, food safety, ex ante regulation, institutional economics, Food Consumption/Nutrition/Food Safety, Institutional and Behavioral Economics