The compliance budget: Managing security behaviour in organisations

Proceedings New Security Paradigms Workshop

Volumn , Issue , 2009, Pages 47-58

  Beautement, Adam ^a   Sasse, M Angela ^a   Wonham, Mike ^b  

^a UNIVERSITY COLLEGE LONDON   (United Kingdom)

^b HEWLETT PACKARD LABORATORIES   (United Kingdom)

Author keywords

Compliance; Compliance budget; Security behaviour; Security policies

Indexed keywords

COST AND BENEFITS; COSTS AND BENEFITS; EMPLOYEE'S PERCEPTIONS; KEY FACTORS; NEW APPROACHES; SECURITY BREACHES; SECURITY GOALS; SECURITY MANAGER; SECURITY MEASURE; SECURITY POLICY; USABLE SECURITY;

PERSONNEL; SECURITY SYSTEMS; SOCIETIES AND INSTITUTIONS; TECHNICAL PRESENTATIONS;

BUDGET CONTROL;

EID: 77950564668     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1595676.1595684     Document Type: Conference Paper

References (18)

1. J. Adams (1995) Risk. Routledge.
2. A. Adams & M. A. Sasse (1999): Users Are Not The Enemy: Why users compromise security mechanisms and how to take remedial measures. Communications of the ACM, 42 (12), pp. 40-46 December 1999.
3. I. Flechais, M. A. Sasse, & S. M. V. Hailes. Bringing security home: A process for developing secure and usable systems. In ACM/SIGSAC New Security Paradigms Workshop, 2003.
4. Steven J. Greenwald, Kenneth G. Olthoff, Victor Raskin, Willibald Ruch (2004): The User Non-Acceptance Paradigm: INFOSEC's Dirsy Little Secret. Proceedings of the New Security Paradigms Workshop. 2004.
5. Lawrence A. Gordon & Martin P. Loeb (2006): Managing Cybersecurity Resources: A Cost-Benefit Analysis. Mcgraw-Hill.
6. Hemantha S. B. Herath & Tehaswini C. Herath (2007): Cyber-Insurance: Copula Pricing Framework and Implications for Risk Management. Proceedings of the Sixth Workshop on the Economics of Information Security, Carnegie Mellon University, June 7-8, 2007.
7. C. Derrick Huang, Qing Hu & Ravi S. Behara (2006): Economics of Information Security Investment in the Case of Simultaneous Attacks. Proceedings of the Fifth Workshop on the Economics of Information Security, Cambridge University, June 26-28, 2006.
8. M. Eric Johnson & Eric Goetz (2007): Embedding Information Security into the Organisation. IEEE Security & Privacy May/June 2007 pp 16-24.
9. M. Eric Johnson & Scott Dynes (2007): Inadvertent Disclosure - Information Leaks in Extended Enterprise. Proceedings of the Sixth Workshop on the Economics of Information Security, Carnegie Mellon University, June 7-8, 2007.
10. Vincent Kumar, Rahul Telang & Tridas Mukhopahhyay (2007): Optimally securing interconnected information systems and assets. Proceedings of the Sixth Workshop on the Economics of Information Security, Carnegie Mellon University, June 7-8, 2007.
11. Norman, D. A. (1983): Some Observations on Mental Models. In Gentner, D. A. & Stevens, A. A. [Eds.] Mental models. Hillsdale, NJ: Erlbaum.
12. B. Schneier (2000): Secrets and Lies: Digital Security in a Networked World. Wiley.
13. Strauss, A. and Corbin, J. (1990). Basics of qualitative research: Grounded theory procedures and techniques. Sage Publications.
14. D.Weirich & M. A. Sasse (2001): Pretty Good Persuasion: A first step towards effective password security for the Real World. Proceedings of the New Security Paradigms Workshop 2001 (Sept. 10-13, Cloudcroft, NM), pp. 137-143. ACM Press.
15. Weirich (2005): Persuasive Password Security. Unpublished PhD Thesis, Department of Computer Science, University College London, UK.
16. Whitten, A. & Tygar, J. D. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. Proceedings of the 8th USENIX Security Symposium, August 1999, Washington 1999.
17. Yee, K P. (2005) User Interaction Design for Secure Systems. In L. Faith Cranor & S. Garfinkel [Eds.]: Security and Usability: Designing secure systems that people can use 2005. pp 13-30. O'Reilly Books.
18. Zurko, M. E. & Simon, R. T. User-Centered Security. New Security Paradigms Workshop 1997.