Stakeholders' security decisions play a fundamental role in determining security requirements, yet, little is currently understood about how different stakeholder groups within an organisation approach security and the drivers and tacit biases underpinning their decisions. We studied and contrasted the security decisions of three demographics -- security experts, computer scientists and managers -- when playing a tabletop game that we designed and developed. The game tasks players with managing the security of a cyber-physical environment while facing various threats. Analysis of 12 groups of players (4 groups in each of our demographics) reveals strategies that repeat in particular demographics, e.g., managers and security experts generall...
The perception of risk is a driver for security analysts’ decision making. However, security analys...
It is often suggested in the literature that employees regard technical security measures (TSMs) as ...
Security decision-making is a critical task in tackling security threats affecting a system or proce...
Stakeholders' security decisions play a fundamental role in determining security requirem...
Cyber-security incidents show how difficult it is to make optimal strategic decisions in such a comp...
We developed a simulation game to study the effectiveness of decision-makers in overcoming two compl...
There have been various attempts to apply game theory to various aspects of security situations. Thi...
This document is the Accepted Manuscript of a conference paper published in Proceedings of the Cambr...
Contains fulltext : 284684.pdf (Publisher’s version ) (Open Access)14 april 202
Individual decision making in computer security risk plays a critical role in successful information...
© 2017 Elsevier B.V. Context: Security, in digitally connected organizational environments of today,...
Item does not contain fulltextSecurity professionals play a decisive role in security risk decision ...
The information security (IS) risk assessment process is an essential part to organisation's their p...
IT-Security Tabletop Games for developers have been available in analog format; with the COVID-19 pa...
The task of designing secure software systems is fraught with uncertainty, as data on uncommon attac...
The perception of risk is a driver for security analysts’ decision making. However, security analys...
It is often suggested in the literature that employees regard technical security measures (TSMs) as ...
Security decision-making is a critical task in tackling security threats affecting a system or proce...
Stakeholders' security decisions play a fundamental role in determining security requirem...
Cyber-security incidents show how difficult it is to make optimal strategic decisions in such a comp...
We developed a simulation game to study the effectiveness of decision-makers in overcoming two compl...
There have been various attempts to apply game theory to various aspects of security situations. Thi...
This document is the Accepted Manuscript of a conference paper published in Proceedings of the Cambr...
Contains fulltext : 284684.pdf (Publisher’s version ) (Open Access)14 april 202
Individual decision making in computer security risk plays a critical role in successful information...
© 2017 Elsevier B.V. Context: Security, in digitally connected organizational environments of today,...
Item does not contain fulltextSecurity professionals play a decisive role in security risk decision ...
The information security (IS) risk assessment process is an essential part to organisation's their p...
IT-Security Tabletop Games for developers have been available in analog format; with the COVID-19 pa...
The task of designing secure software systems is fraught with uncertainty, as data on uncommon attac...
The perception of risk is a driver for security analysts’ decision making. However, security analys...
It is often suggested in the literature that employees regard technical security measures (TSMs) as ...
Security decision-making is a critical task in tackling security threats affecting a system or proce...