Publications

Decision support approaches for cyber security investment

Andrew Fielder, Emmanouil Panaousis, Pasquale Malacaria, Chris Hankin, Fabrizio Smeraldi

Abstract: When investing in cyber security resources, information security managers have to follow effective decision-making strategies. We refer to this as the cyber security investment challenge. In this paper, we consider three possible decision support methodologies for security managers to …

By Emma Bowman

Efficient Numerical Frameworks for Multi-objective Cyber Security Planning

Simon Parkin, Samy Driss, Kat Krol and M. Angela Sasse

Abstract: We consider the problem of optimal investment in cyber-security by an enterprise. Optimality is measured with respect to the overall (1) monetary cost of implementation, (2) negative side-effects of cyber-security controls (indirect costs), and (3) mitigation of the cyber-security risk. We consider “passive” and “reactive” threats, the …

By Emma Bowman

Better the Devil You Know: A User Study of Two CAPTCHAs and a Possible Replacement Technology

Kat Krol, Simon Parkin and M. Angela Sasse

Abstract: CAPTCHAs are difficult for humans to use, causing frustration. Alternatives have been proposed, but user studies equate usability to solvability. We consider the user perspective to include workload and context of use. We assess traditional text-based CAPTCHAs alongside PlayThru, a ‘gamified’ verification …

By Emma Bowman

Assessing the User Experience of Password Reset Policies in a University

Simon Parkin, Samy Driss, Kat Krol and M. Angela Sasse

Abstract: Organisations often provide helpdesk services to users, to resolve any problems that they may have in managing passwords for their provisioned accounts. Helpdesk logs record password change events and support requests, but overlook the impact of compliance upon end-user productivity. System managers are not …

By Emma Bowman