Publications

Modeling and analysis of influence power for information security decisions

Iryna Yevseyeva, Charles Morisset  and Aad van Moorsel

Abstract

Users of computing systems and devices frequently make decisions related to information security, e. g., when choosing a password, deciding whether to log into an unfamiliar wireless network. Employers or other stakeholders may have a preference for certain outcomes, without being able to or having a desire to enforce a particular decision. In such situations, systems may build in design nudges to influence the decision making, e. g., by highlighting the employer’s preferred solution. In this paper we model influencing information security to identify which approaches to influencing are most effective and how they can be optimized. To do so, we extend traditional multi-criteria decision analysis models with modifiable criteria, to represent the available approaches an influencer has for influencing the choice of the decision maker. The notion of influence power is introduced to characterize the extent to which an influencer can influence decision makers. We illustrate our approach using data from a controlled experiment on techniques to influence which public wireless network users select. This allows us to calculate influence power and identify which design nudges exercise the most influence over user decisions.

Date: April 2016
Published: Performance Evaluation An International Journal Volume 9898                                                                                                                                                                                    Publisher: Elsevier
Publisher URL: http://www.sciencedirect.com/science/article/pii/S0166531616000043 
Full text: https://goo.gl/v8EOOg                                                                                                                                               DOI: http://dx.doi.org/10.1016/j.peva.2016.01.003