Andrew M'manga
Rationalising decision-making about risk: a normative approach.
M'manga, Andrew; Faily, Shamal; McAlaney, John; Williams, Chris
Authors
Shamal Faily
John McAlaney
Chris Williams
Contributors
Nathan L. Clarke
Editor
Steven M. Furnell
Editor
Abstract
Techniques for determining and applying security decisions typically follow risk-based analytical approaches where alternative options are put forward and weighed in accordance to risk severity metrics based on goals and context. The reasoning or validity behind decision making can, however, prove difficult to determine in conditions characterised by uncertainty stemming from environments with insufficient or incoherent information. This paper approaches the problem by proposing a conceptual model that provides security decision making traceability through auditing decision makers' rationalisation of risk. Additionally, the model highlights the role metacognition plays in identifying and understanding information affordances used for decision making.
Citation
M'MANGA, A., FAILY, S., MCALANEY, J. and WILLIAMS, C. 2018. Rationalising decision-making about risk: a normative approach. In Clarke, N.L. and Furnell, S.M. (eds.) Proceedings of the 12th International symposium on human aspects of information security and assurance (HAISA 2018), 29-31 August 2018, Dundee, UK. Plymouth: University of Plymouth, pages 263-271. Hosted on the CSCAN Archive [online]. Available from: https://www.cscan.org/?page=openaccess&eid=20&id=395
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | 12th International symposium on human aspects of information security and assurance (HAISA 2018) |
Start Date | Aug 29, 2018 |
End Date | Aug 31, 2018 |
Acceptance Date | Jul 16, 2018 |
Publication Date | Dec 31, 2018 |
Deposit Date | Sep 19, 2021 |
Publicly Available Date | Dec 9, 2021 |
Publisher | University of Plymouth |
Peer Reviewed | Peer Reviewed |
Pages | 263-271 |
ISBN | 9780244402549 |
Keywords | Systems security; Security risk analysis; User behaviour; Human-computer interaction (HCI); Decision-making |
Public URL | https://rgu-repository.worktribe.com/output/1437869 |
Publisher URL | https://www.cscan.org/?page=openaccess&eid=20&id=395 |
Files
M'MANGA 2018 Rationalising decision-making
(794 Kb)
PDF
You might also like
Privacy goals for the data lifecycle.
(2022)
Journal Article
Assessing system of systems information security risk with OASoSIS.
(2022)
Journal Article
Visualising personas as goal models to find security tensions.
(2021)
Journal Article
Evaluating privacy: determining user privacy expectations on the web.
(2021)
Journal Article
DPIA in context: applying DPIA to assess privacy risks of cyber physical systems.
(2020)
Journal Article