Towards a Simulation of Information Security Behaviour in Organisations

Ruskov, Martin; Ekblom, Paul; Sasse, M. Angela

doi:10.1007/978-3-319-04447-7_14

Martin Ruskov³,
Paul Ekblom⁴ &
M. Angela Sasse³

1573 Accesses
1 Citations

Abstract

In this chapter we propose the fundaments of a design of an exploratory simulation of security management in a corporate environment. The model brings together theory and research findings on causes of information security risks in order to analyse diverse roles interacting through scripts. The framework is an adaptation of theoretical and empirical research in general crime prevention for the purposes of cybercrime. Its aim is to provide insights into the prerequisites for a more functional model (Information security; Conjunction of criminal opportunity; Crime scripts; Simulation).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Hardcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Adams A, Sasse MA. Users are not the enemy: why users compromise security mechanisms and how to take remedial measures. Commun ACM. 1999;42:40–6. doi:10.1145/322796.322806.
Article Google Scholar
Stajano F, Wilson P. Understanding scam victims: seven principles for systems security. Commun ACM. 2011;54:70–5. doi:10.1145/1897852.1897872.
Article Google Scholar
Riegelsberger J, Sasse M, McCarthy J. The mechanics of trust: a framework for research and design. Int J Hum-Comput Stud. 2005;62:381–422. doi:10.1016/j.ijhcs.2005.01.001.
Article Google Scholar
Beautement A, Sasse MA, Wonham M. The compliance budget: managing security behaviour in organisations. In: Proceedings of the 2008 workshop on New security paradigms. ACM, Lake Tahoe, California, USA, p. 47–58, doi:10.1145/1595676.1595684 NULL.
Collins BS, Mansell R. Cyber trust and crime prevention: A synthesis of the state-of-the-art science reviews. 2004. London, UK. http://eprints.lse.ac.uk/4252/. Accessed 16 Sept 2013.
Ekblom P. Happy returns: ideas brought back from situational crime prevention’s exploration of design against crime. In: Farrell G, Tilley N, editors. The Reasoning Criminologist: Essays in Honour of Ronald V. Clarke. Routledge, p 163–204; 2011.
Google Scholar
Ekblom P. Crime prevention, security and community safety using the 5Is framework (Crime Prevention and Security Management). Palgrave Macmillan; 2010.
Google Scholar
Cornish D. Crimes as scripts. In: Zahm D, Cromwell P, editors. Proceedings of the International Seminar on Environmental Criminology and Crime Analysis. Tallahassee: Florida Criminal Justice Executive Institute; 1994. p. 30–45.
Google Scholar
Alexander C, Ishikawa S, Silverstein M. A pattern language: towns, buildings, construction. Later printing. Oxford: Oxford University Press; 1977.
Google Scholar
Gamma E, Helm R, Johnson R, Vlissides J. Design patterns: elements of reusable object-oriented software, 1st ed. Addison-Wesley Professional; 1994.
Google Scholar
Birks D, Townsley M, Stewart A. Generative explanations of crime: using simulation to test criminological theory. Criminology. 2012;50:221–54. doi:10.1111/j.1745-9125.2011.00258.x.
Article Google Scholar
Cone B, Irvine CE, Thompson MF, Nguyen T. A video game for cyber security training and awareness. Comput Secur. 2007;26:63–72. doi:10.1016/j.cose.2006.10.005.
Article Google Scholar
Schultz. A framework for understanding and predicting insider attacks. Comput Secur. 2002; 21:526–531, doi:10.1016/s0167-4048(02)01009-x.
Tuglular T, Spafford EH. A framework for characterisation of insider computer misuse; 1997.
Google Scholar
Parker DB. Fighting computer crime: a new framework for protecting information. Wiley; 1998.
Google Scholar
Ekblom P. Gearing up against crime: a dynamic framework to help designers keep up with the adaptive criminal in a changing world. Int J Risk Secur Crime Prev. 1997;2:249–65.
Google Scholar
Ruskov M, Celdran JM, Ekblom P, Sasse MA. Unlocking the next level of crime prevention: development of a game prototype to teach the conjunction of criminal opportunity. Information Technologies and Control 8; 2013.
Google Scholar

Download references

Author information

Authors and Affiliations

Information Security Resarch Group, University College London, London, Uk
Martin Ruskov & M. Angela Sasse
Design Against Crime Research Centre, Central Saint Martins College of Art and Design, London, UK
Paul Ekblom

Authors

Martin Ruskov
View author publications
You can also search for this author in PubMed Google Scholar
Paul Ekblom
View author publications
You can also search for this author in PubMed Google Scholar
M. Angela Sasse
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Martin Ruskov .

Editor information

Editors and Affiliations

Department of Computing and Communication Technologies, Oxford Brookes University, Oxford, Oxfordshire, United Kingdom
Clive Blackwell
Department of Computing and Communication Technologies, Oxford Brookes University, Oxford, Oxfordshire, United Kingdom
Hong Zhu

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Ruskov, M., Ekblom, P., Sasse, M.A. (2014). Towards a Simulation of Information Security Behaviour in Organisations. In: Blackwell, C., Zhu, H. (eds) Cyberpatterns. Springer, Cham. https://doi.org/10.1007/978-3-319-04447-7_14

Download citation

DOI: https://doi.org/10.1007/978-3-319-04447-7_14
Published: 14 May 2014
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04446-0
Online ISBN: 978-3-319-04447-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics