Output details
11 - Computer Science and Informatics
University of Aberdeen
Information Security Trade-offs and Optimal Patching Policies
<19> This paper, grounded in work with Merrill Lynch, HP, and Citigroup in the TSB-funded 'Trust Economics' project (http://www.hpl.hp.com/news/2011/oct-dec/Final_Report_collated.pdf), builds on papers in 'WEIS', the leading conference in information security economics, and 'Financial Cryptography and Data Security', a top-ranked security conference. It is published in the leading European OR journal. Its key innovation establishes, using financial-economics methods, a generic methodology for combining models of (technological) systems with economic models of the security preferences of system managers. This work inspired Beautement and Sasse's celebrated paper 'The Compliance Budget' and provides key techniques for the projects 'Seconomics', FP7, and 'Productive Security', RCUK/GCHQ.