ACE Seminar: You’ve left me no choices: Security economics to inform behaviour intervention support in organizations

Speakers: Simon Parkin and Albesa Demjaha

Date/Time: 05-Sep-2019, 16:00 UTC

Venue: Roberts 309




Security policy-makers (influencers) in an organization set security policies that embody intended behaviours for decision-makers (employees) to follow. Decision-makers then face choices, where this is not simply a binary decision of whether to comply or not, but also how to approach compliance and secure working alongside other work-place pressures, and limited resources for identifying optimal security-related choices. Conflict arises due to information asymmetries present in the relationship, where influencers and decision-makers both consider costs, gains, and losses in ways which are not necessarily aligned. With the need to promote ‘good enough’ decisions about security-related behaviours under such constraints, we hypothesize that actions to resolve this misalignment can benefit from constructs from both neoclassical economics and behavioural economics. Here we demonstrate how current approaches to security behaviour provisioning in organizations mirror rational-agent economics, even where behavioural economics is embodied in the promotion of individual security behaviours. We develop and present a framework to accommodate bounded security decision-making, within an ongoing programme of behaviours which must be provisioned for and supported. We also point to applications of the framework in negotiating sustainable security behaviours, such as policy concordance and just security cultures.


Simon Parkin is a Senior Teaching & Research Fellow in the Human-Centred Security team, part of the Information Security Research Group at UCL. Following completion of his PhD at Newcastle University in 2007, he was a Research Associate on the inter-disciplinary Trust Economics project through to 2011, then a member of the Innovation Team at HP Enterprise Security Services until mid-2012 before joining UCL.


Albesa Demjaha is currently a doctoral student in the Information Security Group at UCL. Her work focuses on the human-centred field of information security, more specifically in the organisational context. Her research is about properly and rigorously defining what a security culture is in such a context, and how it can be maintained as well as transformed. Within this field, a parallel interest is to create a robust and repeatable methodology of doing the above by using several research methodologies such as qualitative research and modelling. Albesa is also keen to link her work to security policy.

